GitLab Company CyberSecurity Posture

gitlab.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development costs and time to market while increasing developer productivity. We're the world's largest all-remote company with team members located in more than 65 countries. As part of the GitLab team, you can work from anywhere with good internet. You'll have the freedom to contribute when and where you do your best work. Interested in opportunities at GitLab? Join our talent community and share your information with our recruiting team: https://about.gitlab.com/jobs/

GitLab A.I CyberSecurity Scoring

AI scoreGitLab Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/gitlab-com.jpeg
GitLab IT Services and IT Consulting
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreGitLab Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/gitlab-com.jpeg
GitLab IT Services and IT Consulting
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

GitLab

Fair
Current Score
780
Baa (Fair)
01000
2 incidents
-5.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
780
NOVEMBER 2025
780
OCTOBER 2025
780
SEPTEMBER 2025
780
AUGUST 2025
780
JULY 2025
780
JUNE 2025
784
Vulnerability
16 Jun 2025 • GitLab
GitLab Critical Security Patches Addressing Multiple Vulnerabilities Including Prompt-Injection Flaw in GitLab Duo

GitLab disclosed nine vulnerabilities across its Community (CE) and Enterprise (EE) editions, with **CVE-2025-6945** being the most critical—a **prompt-injection flaw in GitLab Duo’s AI-powered review feature** that allows authenticated attackers to exfiltrate sensitive data from **confidential issues** via hidden prompts in merge request comments. This exploit leverages AI’s lack of input validation, turning an AI assistant into a vector for data leakage. Additionally, **CVE-2025-11224** (a stored XSS vulnerability in the Kubernetes proxy) enables authenticated users to execute malicious scripts, while **CVE-2025-2615** and **CVE-2025-7000** expose confidential data through GraphQL subscriptions and branch name leaks, respectively. The flaws span versions back to **15.10**, creating a broad attack surface for organizations running unpatched instances. Though no evidence of active exploitation exists, the vulnerabilities risk **unauthorized access to proprietary code, internal discussions, and project metadata**, potentially aiding supply-chain attacks or competitive espionage. GitLab has released patches (versions **18.5.2, 18.4.4, 18.3.6**) and urged immediate upgrades for self-managed deployments.

779
critical -5
GIT5234552111325
Incident Details -
Type
Vulnerability Disclosure Patch Release
Attack Vector
Prompt Injection (CVE-2025-6945) Cross-Site Scripting (CVE-2025-11224) Improper Authorization (CVE-2025-11865) Information Disclosure (CVE-2025-2615, CVE-2025-7000, CVE-2025-6171) Improper Access Control (CVE-2025-7736) Denial of Service (CVE-2025-12983) Client-Side Path Traversal (CVE-2025-11990)
Vulnerability Exploited
CVE-2025-6945 Prompt injection in GitLab Duo review Low Allows authenticated users to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. CVE-2025-11224 Cross-site scripting in k8s proxy High Allows authenticated users to execute stored XSS attacks due to improper input validation in Kubernetes proxy functionality. CVE-2025-11865 Incorrect authorization in workflows Medium Allows users to remove another user’s Duo workflows (Enterprise Edition). CVE-2025-2615 Information disclosure in GraphQL subscriptions Medium Allows blocked users to access confidential information through GraphQL WebSocket subscriptions. CVE-2025-7000 Information disclosure in access control Medium Permits unauthorized users to view confidential branch names by accessing project issues with related merge requests. CVE-2025-6171 Information disclosure in packages API Low Enables authenticated reporters to view restricted branch names through the packages API. CVE-2025-11990 Client-side path traversal in branch names Low CVE-2025-7736 Improper access control in GitLab Pages Low Allows access to GitLab Pages content through OAuth provider authentication. CVE-2025-12983 Denial of service in markdown Low
Impact
Sensitive information from confidential issues (CVE-2025-6945) Confidential branch names (CVE-2025-7000) Restricted branch names (CVE-2025-6171) Confidential information via GraphQL (CVE-2025-2615) GitLab Community Edition (CE) GitLab Enterprise Edition (EE) GitLab Duo (AI-powered review feature) Kubernetes proxy functionality GraphQL subscriptions Packages API GitLab Pages Markdown processing Potential unauthorized access to sensitive data Risk of stored XSS attacks in Kubernetes proxy Exposure of confidential issues via AI feature exploitation Potential reputational damage due to AI-powered feature vulnerabilities Trust erosion in access control mechanisms
Response
HackerOne bug bounty program researchers Release of security patches (versions 18.5.2, 18.4.4, 18.3.6) Immediate upgrade recommendation for self-managed installations Patching prompt-injection flaw in GitLab Duo Fixing XSS vulnerability in Kubernetes proxy Addressing authorization bypass in workflows Resolving information disclosure issues in GraphQL, access control, and packages API Updating libxslt to version 1.1.43 Public security advisory Urgent upgrade notification for self-managed customers Transparency about affected versions and vulnerabilities
Data Breach
Confidential issue details Confidential branch names Restricted branch names Sensitive information accessible via GraphQL subscriptions Sensitivity Of Data: High (includes confidential project information and access-controlled data) Potential exfiltration via prompt injection (CVE-2025-6945) Unauthorized access to confidential data via multiple vectors
Lessons Learned
AI-powered features (e.g., GitLab Duo) introduce new attack surfaces requiring robust input validation. Stored XSS vulnerabilities in proxy functionalities can have broad impact across integrated systems (e.g., Kubernetes). Access control mechanisms require continuous review to prevent authorization bypasses and information disclosure. Coordinated vulnerability disclosure programs (e.g., HackerOne) are effective in identifying and mitigating security flaws. Prompt patching of third-party dependencies (e.g., libxslt) is critical to comprehensive security.
Recommendations
Immediately upgrade self-managed GitLab instances to patched versions (18.5.2, 18.4.4, or 18.3.6). Review and harden input validation for AI-powered features to prevent prompt-injection attacks. Audit Kubernetes proxy configurations to mitigate XSS risks. Enhance access control policies for GraphQL subscriptions, branch names, and workflows. Monitor for unauthorized access attempts targeting newly patched vulnerabilities. Participate in bug bounty programs to proactively identify and address security flaws. Regularly update all dependencies to their latest secure versions.
Investigation Status
Resolved (patches released)
Customer Advisories
GitLab.com users are already protected (no action required) Dedicated customers require no action Self-managed customers must upgrade immediately
Stakeholder Advisories
Urgent upgrade notification for self-managed customers Security advisory detailing vulnerabilities and mitigations
Post Incident Analysis
Insufficient input validation in GitLab Duo’s prompt handling (CVE-2025-6945). Improper sanitization in Kubernetes proxy leading to XSS (CVE-2025-11224). Flawed authorization checks in workflows and access control mechanisms (CVE-2025-11865, CVE-2025-7000, etc.). Inadequate restrictions on GraphQL subscriptions for blocked users (CVE-2025-2615). Outdated third-party library (libxslt) with known vulnerabilities. Implemented stricter input validation for AI feature prompts. Enhanced XSS protections in proxy functionalities. Strengthened authorization and access control policies. Restricted GraphQL subscription access for blocked users. Updated libxslt to version 1.1.43 to patch additional vulnerabilities. Released comprehensive security patches for all affected versions.
References
Blog URL Source URL
MAY 2025
784
APRIL 2025
784
MARCH 2025
784
FEBRUARY 2025
783
JANUARY 2025
783
MARCH 2022
781
Vulnerability
01 Mar 2022 • GitLab
Critical Vulnerability in GitLab Community

A critical vulnerability discovered in GitLab Community could enable an attacker to steal runner registration tokens. The vulnerability announced in GitLab security advisory affects all versions. If this vulnerability is exploited then an unauthorized user can steal runner registration tokens through an information disclosure vulnerability using quick actions commands.

780
critical -1
GIT1372322
Incident Details -
Type
Information Disclosure
Attack Vector
Quick Actions Commands
Vulnerability Exploited
Information Disclosure Vulnerability
Impact
Data Compromised: Runner Registration Tokens
Data Breach
Type Of Data Compromised: Runner Registration Tokens
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for GitLab is 780, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 780.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 780.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 780.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 780.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 780.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 783.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 783.

Over the past 12 months, the average per-incident point impact on GitLab’s A.I Rankiteo Cyber Score has been -5.0 points.

You can access GitLab’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/gitlab-com.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view GitLab’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/gitlab-com.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.