Description
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
INFO
Published Date :
2025-02-13T00:55:50.295Z
Last Modified :
2025-02-13T14:57:28.962Z
Source :
GitLab
AFFECTED PRODUCTS
The following products are affected by CVE-2025-1198 vulnerability.
| Vendors | Products |
|---|---|
| Gitlab |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1198.
| URL | Resource |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/511477 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact