CVE-2025-2867
27.03.2025, 14:15
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users.
| Vendor | Product | Version |
|---|---|---|
| gitlab | gitlab | 17.8.0 ≤ 𝑥 < 17.8.6 |
| gitlab | gitlab | 17.8.0 ≤ 𝑥 < 17.8.6 |
| gitlab | gitlab | 17.9.0 ≤ 𝑥 < 17.9.3 |
| gitlab | gitlab | 17.9.0 ≤ 𝑥 < 17.9.3 |
| gitlab | gitlab | 17.10.0 |
| gitlab | gitlab | 17.10.0 |
𝑥
= Vulnerable software versions