← Volver a CVEs
CVE-2025-5101
MEDIUM5.0
Descripcion
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports.
Detalles CVE
Puntuacion CVSS v3.15.0
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado8/27/2025
Ultima modificacion9/2/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
gitlab:gitlab
Debilidades (CWE)
CWE-94
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/545165(cve@gitlab.com)
https://hackerone.com/reports/3124199(cve@gitlab.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.