CVE-2025-13611
📋 TL;DR
This vulnerability in GitLab CE/EE allows an authenticated user who can read certain logs to obtain sensitive tokens under specific conditions. It affects every GitLab instance running a vulnerable version and can expose authentication tokens or other secrets that are written to those logs. Exploitation requires an existing authenticated account, so the pool of potential attackers is limited to users of the instance, but any such user with the relevant log access is in scope.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider with the relevant log access obtains tokens belonging to other users (API tokens, OAuth tokens, or other authentication tokens) and replays them to escalate privileges, read data they are not authorized to see, or act as those users.
Likely Case
An authenticated user with legitimate log access sees tokens in the logs, accidentally or deliberately. The tokens are exposed at that point, although using them still requires the user to work out what each one grants and act on it.
If Mitigated
If log access is already limited to trusted administrators, exposure is confined to personnel who hold administrative trust anyway. The tokens are still written to the logs until the instance is patched, so rotating them after patching remains advisable.
🎯 Exploit Status
Exploitation requires authenticated access and specific conditions for token exposure in logs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.4.5, 18.5.3, or 18.6.1
Vendor Advisory: https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance and database.
2. Upgrade to 18.4.5, 18.5.3, or 18.6.1, whichever matches your current release track.
3. Restart GitLab services. An Omnibus package upgrade runs gitlab-ctl reconfigure for you; restart anything it did not restart with gitlab-ctl restart.
4. Verify the running version with sudo gitlab-rake gitlab:env:info.
🔧 Temporary Workarounds
Restrict Log Access
Linux: Limit read access to GitLab's log files on the host to the trusted administrators who need it. This only restricts shell-level access to the files; it does not change what an authenticated GitLab user can see through the application, so treat it as defense in depth rather than a substitute for the patch.
# Tighten mode bits: 750 on directories so services can still traverse and write, 640 on files.
# A plain chmod 640 /var/log/gitlab/* would also hit the per-service directories and break traversal.
find /var/log/gitlab -type d -exec chmod 750 {} +
find /var/log/gitlab -type f -exec chmod 640 {} +
# Do not blanket-chown the tree: Omnibus services write to per-service subdirectories owned by different service accounts, and changing them can stop logging.
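The mode-bit hardening above, packaged as a small shell script with a check that nothing under the tree is still readable by other users. This is an added example, not GitLab's own tooling; it assumes GNU find and stat (standard on the Linux hosts Omnibus GitLab runs on), and its demo builds a constructed temporary directory that mimics the /var/log/gitlab layout so it runs without touching real logs.

```shell
#!/usr/bin/env bash
# Tighten mode bits under a log directory without changing ownership.
# Directories get 750 so the owning service can still traverse and write;
# files get 640 so only the owner and group can read them. Ownership is
# left alone because Omnibus GitLab services log to per-service
# subdirectories that belong to different accounts.
harden_log_tree() {
  local root="$1"
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
  find "$root" -type d -exec chmod 750 {} +
  find "$root" -type f -exec chmod 640 {} +
}

# List every entry under a tree that is still readable by "other".
# Prints nothing when the tree is clean.
world_readable_entries() {
  find "$1" -perm -o=r
}

# Count of world-readable entries, for use in checks and alerts.
world_readable_count() {
  world_readable_entries "$1" | wc -l | tr -d ' '
}

# Demo on a constructed directory layout that mimics /var/log/gitlab
# (assumed layout for illustration; no real log data is involved).
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir -p "$tmp/gitlab-rails" "$tmp/nginx"
  printf 'constructed sample log line\n' > "$tmp/gitlab-rails/production.log"
  printf 'constructed sample log line\n' > "$tmp/nginx/gitlab_access.log"
  # Start from the permissive state a default umask would leave behind.
  chmod 755 "$tmp" "$tmp/gitlab-rails" "$tmp/nginx"
  chmod 644 "$tmp/gitlab-rails/production.log" "$tmp/nginx/gitlab_access.log"
  echo "before: $(world_readable_count "$tmp") world-readable entries"
  harden_log_tree "$tmp"
  echo "after:  $(world_readable_count "$tmp") world-readable entries"
  rm -rf "$tmp"
}

demo
```

To apply it to a real host, call harden_log_tree /var/log/gitlab as root and then run world_readable_entries /var/log/gitlab; the second call should print nothing. Run it again after upgrades, since package post-install steps can recreate files with their default modes.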
Rotate Sensitive Tokens
All platforms: Proactively rotate any API tokens, OAuth tokens, or authentication tokens that may have been written to logs, and treat the old values as compromised until rotation is complete.
# Rotate through the UI or the REST API
# Personal access tokens: User Settings > Access Tokens, or POST /api/v4/personal_access_tokens/:id/rotate
# Project access tokens: Project Settings > Access Tokens, or POST /api/v4/projects/:id/access_tokens/:token_id/rotate
# Group access tokens: Group Settings > Access Tokens, or POST /api/v4/groups/:id/access_tokens/:token_id/rotate
🧯 If You Can't Patch
- Implement strict access controls to limit log access to essential personnel only
- Monitor log access and implement alerting for unusual log viewing patterns
🔍 How to Verify
Check if Vulnerable:
Check your GitLab version against the affected ranges: 13.2 through 18.4.4, 18.5.0 through 18.5.2, and 18.6.0.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Verify that the running version is 18.4.5, 18.5.3, or 18.6.1, or a later release on the same track.
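The version comparison behind the check above, as an added shell example rather than GitLab-supplied tooling. It encodes the advisory's affected ranges, reports whether a given version string falls inside them, and can optionally read the installed version. The --detect path assumes an Omnibus install, where /opt/gitlab/version-manifest.txt begins with the package name and version, and otherwise falls back to the gitlab-rake command shown above; the range boundaries are taken from this page.

```shell
#!/usr/bin/env bash
# Turn "MAJOR.MINOR.PATCH" into one integer so versions compare with plain
# arithmetic (18.4.4 -> 18004004). An edition suffix such as "-ee" is dropped.
version_key() {
  local v="${1%%-*}"
  local IFS=.
  set -- $v
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_range LOW HIGH VERSION: succeeds when LOW <= VERSION <= HIGH.
in_range() {
  local lo hi v
  lo=$(version_key "$1"); hi=$(version_key "$2"); v=$(version_key "$3")
  [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

# Affected ranges for CVE-2025-13611 as listed in this advisory:
# 13.2 through 18.4.4, 18.5.0 through 18.5.2, and 18.6.0.
cve_2025_13611_status() {
  local v="$1"
  if in_range 13.2.0 18.4.4 "$v" || in_range 18.5.0 18.5.2 "$v" || in_range 18.6.0 18.6.0 "$v"; then
    echo vulnerable
  else
    echo "not affected"
  fi
}

# Read the installed version from an Omnibus host (assumed layout: the manifest's
# first line is "gitlab-ce VERSION" or "gitlab-ee VERSION"), falling back to rake.
installed_version() {
  if [ -r /opt/gitlab/version-manifest.txt ]; then
    awk '$1 ~ /^gitlab-(ce|ee)$/ { print $2; exit }' /opt/gitlab/version-manifest.txt
  else
    sudo gitlab-rake gitlab:env:info 2>/dev/null | awk '/^GitLab version/ { print $NF; exit }'
  fi
}

main() {
  local v
  if [ "$1" = "--detect" ]; then v=$(installed_version); else v="$1"; fi
  [ -n "$v" ] || { echo "usage: $0 <version>|--detect" >&2; return 2; }
  echo "GitLab $v: $(cve_2025_13611_status "$v")"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Usage: pass a version string (for example 18.5.2) to check a version you already know, or --detect on the GitLab host itself. Versions below 13.2 report "not affected" because the advisory's ranges start there, not because they have been assessed.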
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns of log file access by authenticated users
- Multiple log views in short timeframes by non-admin users
Network Indicators:
- Excessive requests to log endpoints by single users
SIEM Query (Splunk-style syntax; the two paths are placeholders for whichever endpoints serve the affected logs in your deployment, since the advisory does not name the specific log, and the user filter should be an allowlist of administrator accounts rather than a single name):
source="gitlab" AND (uri_path="/admin/logs" OR uri_path="/logs") AND user!="admin_user" | stats count by user, uri_path
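The "multiple log views in a short timeframe" indicator above, run over constructed sample lines as an added example (not a detection shipped by GitLab). The lines follow the flat one-object-per-line JSON shape of GitLab's production_json.log (time, method, path, status, username) but are made up for this example; the /admin/logs path is a placeholder for whichever endpoint serves the affected logs, and the fields are pulled with awk regexes, which is enough for flat single-line JSON without needing jq.

```shell
#!/usr/bin/env bash
# Constructed sample in the shape of production_json.log. Not real output.
SAMPLE_LOG='{"time":"2025-11-27T09:00:01Z","method":"GET","path":"/admin/logs","status":200,"username":"alice"}
{"time":"2025-11-27T09:00:04Z","method":"GET","path":"/admin/logs","status":200,"username":"alice"}
{"time":"2025-11-27T09:00:06Z","method":"GET","path":"/root/project","status":200,"username":"bob"}
{"time":"2025-11-27T09:00:09Z","method":"GET","path":"/admin/logs","status":200,"username":"alice"}
{"time":"2025-11-27T09:00:15Z","method":"GET","path":"/admin/logs","status":200,"username":"carol"}
{"time":"2025-11-27T09:00:20Z","method":"GET","path":"/admin/logs","status":200,"username":"alice"}
{"time":"2025-11-27T09:01:00Z","method":"GET","path":"/admin/logs","status":403,"username":"dave"}'

# log_view_counts PATH_REGEX < log
# Count successful (2xx) requests per user per minute whose path matches
# PATH_REGEX. Denied requests (403) are not views and are left out; they are
# worth a separate alert. Output: "user minute count", sorted.
log_view_counts() {
  awk -v pat="$1" '
    {
      path = ""; user = ""; status = ""; minute = ""
      if (match($0, /"path":"[^"]*"/))     { path   = substr($0, RSTART + 8, RLENGTH - 9) }
      if (match($0, /"username":"[^"]*"/)) { user   = substr($0, RSTART + 12, RLENGTH - 13) }
      if (match($0, /"status":[0-9]+/))    { status = substr($0, RSTART + 9, RLENGTH - 9) }
      if (match($0, /"time":"[^"]*"/))     { minute = substr($0, RSTART + 8, 16) }
      if (user != "" && path ~ pat && status ~ /^2/) count[user, minute]++
    }
    END {
      for (k in count) { split(k, p, SUBSEP); print p[1], p[2], count[k] }
    }
  ' | sort
}

# flag_log_viewers PATH_REGEX THRESHOLD ALLOWLIST < log
# Print an ALERT line for any user not in the space-separated ALLOWLIST who
# made more than THRESHOLD matching requests within one minute.
flag_log_viewers() {
  local pat="$1" threshold="$2" allow="$3"
  log_view_counts "$pat" | while read -r user minute n; do
    case " $allow " in *" $user "*) continue ;; esac
    if [ "$n" -gt "$threshold" ]; then
      echo "ALERT user=$user minute=$minute views=$n"
    fi
  done
  return 0
}

# Demo: more than 3 views of the placeholder endpoint in one minute, with
# "root" (assumed administrator account) allowlisted.
printf '%s\n' "$SAMPLE_LOG" | flag_log_viewers '^/admin/logs' 3 'root'
```

Against a live instance, feed the real file instead of the sample (for Omnibus, /var/log/gitlab/gitlab-rails/production_json.log), set PATH_REGEX to the endpoints you identified, and put your administrators in the allowlist; the same per-user, per-minute grouping is what the SIEM query above expresses with stats count.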