CVE-2025-7000

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-7000
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7000.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-7000
Aliases
Downstream
Published
2025-11-15T08:04:19.745Z
Modified
2025-11-22T13:48:35.335266Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insertion of Sensitive Information Into Sent Data in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests.

Database specific 
{
    "cwe_ids": [
        "CWE-201"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
a8830741d3c4ad7f6a70eed38ee7af31f298d093
Fixed
424c6d1f82a9a32df34d8059f2dadc30d356ff65
Database specific 
{
    "versions": [
        {
            "introduced": "17.6"
        },
        {
            "fixed": "18.3.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9255f56b45844196bb7657a9f1fde6aa65a5d08d
Fixed
e2798305dc3604e272e12a319a932e96c3540374
Database specific 
{
    "versions": [
        {
            "introduced": "18.4"
        },
        {
            "fixed": "18.4.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
37cc4da7158316bb9b204cef9b056f16fff1df32
Fixed
cb961538ba8e451246e168e7bbd5b1e04f69102a
Database specific 
{
    "versions": [
        {
            "introduced": "18.5"
        },
        {
            "fixed": "18.5.2"
        }
    ]
}

Affected versions

v18.*

v18.4.0-ee
v18.4.1-ee
v18.4.2-ee
v18.4.3-ee
v18.5.0-ee
v18.5.1-ee