Improper Authorization in GitLab CE/EE Affects Multiple Versions
CVE-2025-12555

4.3MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 11 March 2026

What is CVE-2025-12555?

An issue has been identified in GitLab CE/EE that could potentially allow authenticated users to gain unauthorized access to sensitive pipeline job information. This vulnerability arises from inadequate authorization checks within projects where both repository and CI/CD functionalities are disabled. Specifically, users may exploit this flaw to retrieve information from previous pipeline jobs, exposing internal data that should remain confidential. GitLab has recognized and patched this issue in recent updates, ensuring improved security measures for its users.

Affected Version(s)

GitLab 15.1 < 18.7.6

GitLab 18.8 < 18.8.6

GitLab 18.9 < 18.9.2

References

https://hackerone.com/reports/3354642

technical-descriptionexploitpermissions-required

https://gitlab.com/gitlab-org/gitlab/-/work_items/579126

https://about.gitlab.com/releases/2026/03/11/patch-releas...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Oct 31, 2025

Credit

Thanks [iamgk808](https://hackerone.com/iamgk808) for reporting this vulnerability through our HackerOne bug bounty program

CVE-2025-12555 Data

JSON