CVE-2025-13978
📋 TL;DR
This vulnerability allows authenticated users to discover the names of private projects they shouldn't have access to through API requests. It affects GitLab CE/EE instances running vulnerable versions. While it doesn't allow access to project contents, it reveals existence information that should remain confidential.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could map all private projects in an organization, enabling targeted social engineering, reconnaissance for future attacks, or identification of sensitive project names that reveal business activities.
Likely Case
Internal users or compromised accounts discover private project names they shouldn't know about, potentially violating internal access controls and confidentiality requirements.
If Mitigated
With proper authentication controls and monitoring, the impact is limited to information disclosure without access to actual project data or code.
🎯 Exploit Status
Exploitation requires authenticated access to the GitLab instance. The vulnerability is in API endpoint handling.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.4.6, 18.5.4, or 18.6.2
Vendor Advisory: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 18.4.6, 18.5.4, or 18.6.2 depending on your current version.
3. Restart GitLab services.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict API Access
Limit API access to trusted IP ranges or add an additional authentication layer in front of API endpoints.
Configure firewall rules or GitLab application settings to restrict API access.
🧯 If You Can't Patch
- Implement strict access controls and monitor API usage for unusual patterns
- Consider temporarily disabling certain API endpoints or implementing rate limiting
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin interface or the command line. If the version falls within the affected ranges, the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
After patching, verify that the version is 18.4.6, 18.5.4, or 18.6.2 (or a later release in the same branch). Test that authenticated users cannot enumerate private project names via the API.
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns of API requests to project listing endpoints
- Multiple failed access attempts to private projects
Network Indicators:
- High volume of API requests to /api/v4/projects or similar endpoints from single users
SIEM Query:
source="gitlab" AND (uri_path="/api/v4/projects" OR uri_path="/api/v4/groups/*/projects") | stats count by user, uri_path
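The log indicators above, as an added detection example that is not part of this advisory: it reads GitLab api_json.log-style JSON lines (the field names `path`, `status` and `username` are assumed) and flags accounts that hit the listing endpoints from the SIEM query at volume, or that repeatedly receive 403/404 on individual project lookups; the thresholds and the sample log lines are constructed.

```python
import json
import re
from collections import defaultdict

# Project-listing endpoints named on this page; the group form is the
# regex equivalent of /api/v4/groups/*/projects.
LISTING_RE = re.compile(r"^/api/v4/(projects|groups/[^/]+/projects)/?$")
# Single-project lookups: a 403/404 here is a failed access to a project
# the caller cannot see (the page's second log indicator).
PROJECT_RE = re.compile(r"^/api/v4/projects/[^/]+")

def analyze(lines, listing_threshold=20, failure_threshold=5):
    """Return sorted (user, indicator, count) tuples exceeding a threshold."""
    listing, failures = defaultdict(int), defaultdict(int)
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the run
        user = ev.get("username") or "user_id:%s" % ev.get("user_id", "?")
        path = ev.get("path", "")
        if LISTING_RE.match(path):
            listing[user] += 1
        elif PROJECT_RE.match(path) and ev.get("status") in (403, 404):
            failures[user] += 1
    findings = [(u, "listing-volume", n) for u, n in listing.items()
                if n >= listing_threshold]
    findings += [(u, "failed-project-access", n) for u, n in failures.items()
                 if n >= failure_threshold]
    return sorted(findings)

def _event(user, path, status):
    # Constructed sample record using the api_json.log field names assumed above.
    return json.dumps({"time": "2025-12-11T09:00:00.000Z", "method": "GET",
                       "path": path, "status": status, "username": user})

# Constructed sample log: one account sweeping listing endpoints and probing
# project ids it cannot see, two accounts with ordinary activity.
SAMPLE_LOG = (
    [_event("mallory", "/api/v4/projects", 200)] * 15
    + [_event("mallory", "/api/v4/groups/42/projects", 200)] * 10
    + [_event("mallory", "/api/v4/projects/%d" % i, 404) for i in range(1, 8)]
    + [_event("alice", "/api/v4/projects", 200)] * 3
    + [_event("bob", "/api/v4/projects/9", 404)] * 2
    + ["not json at all"]
)

if __name__ == "__main__":
    for user, indicator, count in analyze(SAMPLE_LOG):
        print(user, indicator, count)
```

Tune the thresholds to the baseline request rate of your own instance before alerting on the output.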