CVE-2025-12697

LOW
2026-03-11 [email protected]
2.2
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 11, 2026 - 16:16 nvd
LOW 2.2

Tags

Gitlab Information Disclosure

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

Analysis

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 versions up to 18.7.6 is affected by improper encoding or escaping of output (CVSS 2.2).

Technical Context

This vulnerability (CWE-116: Improper Encoding or Escaping of Output) affects GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

Affected Products

Product: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5. Versions: up to 18.7.6.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

11
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +11
POC: 0

Share

CVE-2025-12697 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy