Access Control Vulnerability in GitLab EE Affecting Specific Versions
CVE-2025-8770
6.5 MEDIUM
What is CVE-2025-8770?
A security issue has been identified in GitLab EE, affecting the versions listed below, that allows authenticated users with certain permissions to manipulate approval rule identifiers. By doing so, such a user could bypass the merge request approval policies configured for a project, undermining the integrity of code contributions merged through the platform. Organizations running affected versions should prioritize upgrading to the patched releases.
Affected Version(s)
GitLab 18.0 < 18.0.6
GitLab 18.1 < 18.1.4
GitLab 18.2 < 18.2.2
References
CVSS v3.1
Score: 6.5
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability has been discovered internally by GitLab team member [Dominic Bauer](https://gitlab.com/bauerdominic).