CVE-2025-1212

Published Feb 12, 2025

Last updated 11 days ago

CVSS medium 4.3

Overview

Description: An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
Source: cve@gitlab.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cve@gitlab.com: CWE-497

Hype score: Not currently trending

New post from https://t.co/uXvPWJy6tj (CVE-2025-1212 | GitLab Community Edition/Enterprise Edition up to 17.6.4/17.7.3/17.8.1 Request exposure of sensitive system information to an unauthorized control sphere (Issue 502196)) has been published on https://t.co/nWnOo9PqRx
@WolfgangSesin
12 Feb 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References