{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-5982","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2025-06-10T14:05:31.817Z","datePublished":"2025-06-12T16:27:56.700Z","dateUpdated":"2025-06-12T17:29:27.471Z"},"containers":{"cna":{"title":"Insufficient Granularity of Access Control in GitLab","descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"12.0","status":"affected","lessThan":"17.10.8","versionType":"semver"},{"version":"17.11","status":"affected","lessThan":"17.11.4","versionType":"semver"},{"version":"18.0","status":"affected","lessThan":"18.0.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-1220: Insufficient Granularity of Access Control","cweId":"CWE-1220","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/514456","name":"GitLab Issue #514456","tags":["issue-tracking","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 17.10.8, 17.11.4, 18.0.2 or above."}],"credits":[{"lang":"en","value":"This vulnerability has been discovered internally by GitLab team member [@joernchen](https://gitlab.com/joernchen)","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-06-12T16:27:56.700Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-12T17:27:31.493512Z","id":"CVE-2025-5982","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-12T17:29:27.471Z"}}]}}