Unresponsive Background Jobs in GitLab CE/EE Versions
CVE-2025-0290

4.3MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 28 January 2025

Summary

A flaw has been identified in GitLab CE/EE that affects all versions starting from 15.0 before 17.5.5, from 17.6 before 17.6.3, and from 17.7 before 17.7.1. This vulnerability can lead to situations where the processing of CI artifacts metadata results in background jobs failing to respond, which may disrupt continuous integration processes. It is essential for organizations using affected versions to assess their systems and implement necessary updates to maintain operational efficiency.

Affected Version(s)

GitLab 15.0 < 17.6.4

GitLab 17.7 < 17.7.2

GitLab 17.8 < 17.8.0

References

https://gitlab.com/gitlab-org/gitlab/-/issues/372134

issue-trackingpermissions-required

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 6, 2025

Credit

This vulnerability was discovered internally by GitLab team member [Stan Hu](https://gitlab.com/stanhu).