7 matches found
CVE-2025-1198
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results...
CVE-2025-1198 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ee-fips, gitlab-pages, gitlab-ee-fips, gitlab-pages-fips, gitlab-runner-fips, gitlab-cng, gitlab-rails-ee, gitlab-cng-fips, gitlab-ee...
CVE-2025-1198 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2025-1198
creationtimestamp| type| source ---|---|--- 2025-02-13 01:28:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113993982140981348 2025-02-13 02:16:04+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzmlxhx2v2x 2025-02-13 04:36:57+00:00| seen|...
CVE-2025-1198 Insufficient Session Expiration in GitLab
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results...
CVE-2025-1198
The CVE-2025-1198 entry covers a GitLab CE/EE issue where long‑lived ActionCable connections could allow revoked Personal Access Tokens to access streaming results. Affected versions are GitLab 16.11 up to 17.6.5 (inclusive fixes), 17.7 up to 17.7.4, and 17.8 up to 17.8.2. The underlying root cau...
GitLab 16.11 < 17.6.5 / 17.7 < 17.7.4 / 17.8 < 17.8.2 (CVE-2025-1198)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allow...