Home

Description

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL.

PUBLISHED Reserved 2025-09-11 | Published 2025-10-09 | Updated 2025-10-09 | Assigner BLSOPS




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

0.0.0
affected

References

blog.blacklanternsecurity.com/...security-advisory-gitdumper

cve.org (CVE-2025-10282)

nvd.nist.gov (CVE-2025-10282)

Download JSON