Main Vulnerability Database Vulnerabilities #VU109649

#VU109649 Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2025-4979

Published: May 22, 2025

Vulnerability identifier: #VU109649

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-4979

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.

Remediation

Install updates from vendor's website.

External links

https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/

#VU109649 Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2025-4979

Description

Remediation

External links

Please verify you're human