CVE-2025-1540

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1540

Severity

Unknown

Description

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."

References

https://images.chainguard.dev/security/CGA-4pf8-fc7m-rhm3
https://github.com/advisories/GHSA-6xr7-mv6q-jx4q
https://images.chainguard.dev/security/CGA-5hpr-3rwg-m3qm
https://gitlab.com/gitlab-org/gitlab/-/issues/512765
https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/#saml-authentication-misconfigures-external-user-attribute

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-1540

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources