CVE-2025-1198 Information

Description

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/511477