CNNVD-202506-1658 Information

Jun 12, 2025 cve

CNNVD ID

CNNVD-202506-1658

CVE-2025-4278

CNNVD Published: 2025-06-12

Description (Chinese)

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 18.0.2之前版本存在安全漏洞，该漏洞源于新搜索页面HTML注入，可能导致账户接管。

Description (English)

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There was a security loophole in the pre-version version of GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) 18.0.2, which originated from the injection of the new search page HTML, which could lead to the account being taken over.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-06-12

Last Modified

2026-02-24

References

https://hackerone.com/reports/3085738 https://gitlab.com/gitlab-org/gitlab/-/issues/539198 https://nvd.nist.gov/vuln/detail/CVE-2025-4278

Patch

https://about.gitlab.com/releases/

Share on: