{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T11:46:23.212","vulnerabilities":[{"cve":{"id":"CVE-2025-12576","sourceIdentifier":"cve@gitlab.com","published":"2026-03-11T16:16:18.030","lastModified":"2026-03-18T13:35:10.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data."},{"lang":"es","value":"GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 9.3 anterior a la 18.7.6, la 18.8 anterior a la 18.8.6, y la 18.9 anterior a la 18.9.2 que bajo ciertas condiciones podría haber permitido a un usuario autenticado causar una denegación de servicio debido a un manejo inadecuado de los datos de respuesta de los webhooks."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"18.7.6","matchCriteriaId":"A329CFCD-133E-424E-BC76-B046F35D4A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"18.7.6","matchCriteriaId":"738FF258-E211-4023-ADA6-9C7D78D9BE78"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"18.8.0","versionEndExcluding":"18.8.6","matchCriteriaId":"B703CB01-7F6D-4D6E-AE88-CF2F8012CA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"18.8.0","versionEndExcluding":"18.8.6","matchCriteriaId":"2B1F834B-A628-4894-A531-1A2A60DD58D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"18.9.0","versionEndExcluding":"18.9.2","matchCriteriaId":"44EAE9A6-5ED9-42F6-9BBD-0E2F8072F0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"18.9.0","versionEndExcluding":"18.9.2","matchCriteriaId":"12A2DEC0-C471-4C98-960C-405209403AB9"}]}]}],"references":[{"url":"https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/579170","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3395198","source":"cve@gitlab.com","tags":["Permissions Required"]}]}}]}