CVE-2025-5121

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-5121
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5121.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-5121
Aliases
Downstream
Published
2025-06-20T18:15:28Z
Modified
2025-07-01T16:47:59.603636Z
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events

Affected versions

v17.*

v17.11.0-ee
v17.11.1-ee
v17.11.2-ee
v17.11.3-ee