CVE-2025-1299: 
GitLab vulnerability analysis and mitigation

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, and all versions starting from 18.2 before 18.2.1. The vulnerability could allow an unauthorized user to read deployment job logs by sending a crafted request (GitLab Release, NVD Database).

The vulnerability is classified as an Improper Access Control issue (CWE-862). It has been assigned a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, with no user interaction needed (GitLab Release).

The vulnerability allows unauthorized users to access deployment job logs through crafted requests, potentially exposing sensitive information contained within these logs (GitLab Release).

GitLab has released patches in versions 18.0.5, 18.1.3, and 18.2.1 to address this vulnerability. It is strongly recommended that all affected installations be upgraded to the latest version immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take any action (GitLab Release).