ByteOS Network

NVD Vulnerability Details :

CVE-2025-4976

Analyzed

Source-cve@gitlab.com

Published At-24 Jul, 2025 | 07:15

Updated At-28 Jul, 2025 | 14:14

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

GitLab Inc.

>>gitlab>>Versions from 17.0.0(inclusive) to 18.0.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.3(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>18.2

cpe:2.3:a:gitlab:gitlab:18.2:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-213	Primary	cve@gitlab.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: CWE-213

Type: Primary

Source: cve@gitlab.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/543905	cve@gitlab.com	Broken Link
https://hackerone.com/reports/3149956	cve@gitlab.com	Permissions Required

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/543905

Source: cve@gitlab.com

Resource:

Broken Link

Hyperlink: https://hackerone.com/reports/3149956

Source: cve@gitlab.com

Resource:

Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History