Exposure of System Data to an Unauthorized Control Sphere Affecting gitlab-pages-17.6 package, versions <17.6.5-r0
Threat Intelligence
Exploit Maturity
Exploit maturity not defined.
Not Defined
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CHAINGUARDLATEST-GITLABPAGES176-8728431
- published14 Feb 2025
- disclosed12 Feb 2025
Introduced: 12 Feb 2025
NewCVE-2025-1212 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade Chainguard gitlab-pages-17.6 to version 17.6.5-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gitlab-pages-17.6 package and not the gitlab-pages-17.6 package as distributed by Chainguard.
See How to fix? for Chainguard relevant fixed versions and status.
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.