DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-14594: Scheduled for Leaks: Unmasking GitLab's Pipeline Authorization Bypass

#security #cve #cybersecurity

Scheduled for Leaks: Unmasking GitLab's Pipeline Authorization Bypass

Vulnerability ID: CVE-2025-14594
CVSS Score: 3.5
Published: 2026-02-11

A deep-dive analysis into a logic flaw within GitLab's Pipeline Schedules API. This vulnerability allows low-privileged users to bypass authorization checks and potentially exfiltrate sensitive CI/CD variables via user interaction vectors. The flaw highlights the danger of insufficient scope validation in complex API structures.

TL;DR

GitLab's Pipeline Schedules API failed to properly validate user permissions before returning sensitive schedule details. A low-privileged attacker, with some user interaction, could trick the system into revealing CI/CD variables, potentially exposing deployment keys and secrets.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-639 (Auth Bypass)
  • CVSS v3.1: 3.5 (Low)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
  • Attack Vector: Network (Authenticated + UI)
  • Impact: Information Disclosure (CI/CD Variables)
  • Exploit Maturity: PoC Only (No Active Exploitation)

Affected Systems

  • GitLab CE 17.11.0 through 18.6.5
  • GitLab EE 17.11.0 through 18.6.5
  • GitLab CE/EE 18.7.0 through 18.7.3
  • GitLab CE/EE 18.8.0 through 18.8.3
  • GitLab CE/EE: 17.11.0 - 18.6.5 (Fixed in: 18.6.6)
  • GitLab CE/EE: 18.7.0 - 18.7.3 (Fixed in: 18.7.4)
  • GitLab CE/EE: 18.8.0 - 18.8.3 (Fixed in: 18.8.4)

Code Analysis

Commit: e529f6c

Fix authorization check for pipeline schedule variables

expose :variables, if: ->(schedule, _) { can?(current_user, :admin_pipeline_schedule, schedule) }
Enter fullscreen mode Exit fullscreen mode

Commit: 24b860e

Additional test coverage for schedule variable leakage

expect(response).not_to have_gitlab_http_status(:ok)
Enter fullscreen mode Exit fullscreen mode

Mitigation Strategies

  • Update GitLab to the latest secure version immediately.
  • Audit existing Pipeline Schedules for sensitive variables and rotate keys if exposure is suspected.
  • Implement strict Role-Based Access Control (RBAC) to limit who can view pipeline configurations.

Remediation Steps:

  1. Identify your current GitLab version via /help or the API.
  2. Check if your version falls into the range 17.11.0 - 18.8.3.
  3. Apply the patch specifically for your minor version (e.g., upgrade 18.8.1 to 18.8.4).
  4. Restart the GitLab instance to reload the application code.

References

Read the full report for CVE-2025-14594 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)