VDB

GCVE-110-NCSC-2025-342

GCVE-110-NCSC-2025-342
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published October 27, 2025
GitLab has addressed a vulnerability in GitLab EE versions 18.4 (prior to 18.4.3) and 18.5 (prior to 18.5.1) that allowed authenticated users to improperly access projects via the access request approval process.

Weaknesses (CWE)

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-863Incorrect AuthorizationCWE-862Missing AuthorizationCWE-840-

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
GitLabvers:unknown/*
Open Sourcevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›