CVE-2025-5121

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5121

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5121.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5121

Aliases

BIT-gitlab-2025-5121

Downstream

UBUNTU-CVE-2025-5121

Published

2025-06-20T18:15:28Z

Modified

2025-07-01T16:47:59.603636Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

b7c061ce59a5eca5c5764fcf61be8a5103fb7d55

Fixed

eb2929592bc8e3c7b766d886766a098f10b33eb1

Affected versions

v17.*

v17.11.0-ee

v17.11.1-ee

v17.11.2-ee

v17.11.3-ee