CVE-2025-4976

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4976

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4976.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4976

Aliases

BIT-gitlab-2025-4976

Downstream

UBUNTU-CVE-2025-4976

Published

2025-07-24T07:15:53Z

Modified

2025-07-29T06:45:11.513263Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

8c75d0bf4a4190d94326f1a854d0a102ceca4392

Fixed

5ca0e4219f737f6f0cd4b3f882dfabd5a923e559