Severity
Medium
Analysis Summary
CVE-2024-10925 CVSS:5.3
GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization check.
CVE-2024-8186 CVSS:5.4
GitLab is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the self hosted instances.
CVE-2025-0307 CVSS:4.3
GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization.
Impact
- Information Disclosure
- Cross-site Scripting
Indicators of Compromise
CVE
CVE-2024-10925
CVE-2024-8186
CVE-2025-0307
Affected Vendors
- GitLab
Affected Products
- GitLab - 17.9
- GitLab - 17.8.3
- GitLab - 17.7.5
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.