GitLab users can access sensitive projects without permission
CVE-2025-12704
BIT-gitlab-2025-12704
Summary
Some authenticated users may be able to access GitLab data they shouldn't have access to. The original description below specifies Virtual Registry data in groups where the user is not a member. This is a serious issue because it could lead to unauthorized access to sensitive data. Update to the latest version of GitLab to fix the problem.
What to do
- Update GitLab to version 18.9.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | gitlab | > 18.9.0, <= 18.9.2 | 18.9.2 |
Original title
Missing Authorization in GitLab
Original description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions.
NVD CVSS 3.1
3.5
Vulnerability type
CWE-862
Missing Authorization
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026