CNNVD-202506-2791 Information
CNNVD ID
CNNVD-202506-2791
Related CVE
- CNNVD Published: 2025-06-20
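Description (translated from Chinese)
GitLab Enterprise Edition (EE) is a content management system from the US company GitLab. GitLab Enterprise Edition (EE) versions from 16.6 before 17.9.7, from 17.10 before 17.10.5, and from 17.11 before 17.11.1 contain a cross-site scripting vulnerability. The vulnerability arises because, under certain conditions, cross-site scripting attacks and a Content Security Policy bypass may be possible.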
Description (English)
GitLab Enterprise Edition (EE) is a content management system from GitLab, a company in the United States. GitLab Enterprise Edition (EE) versions 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1 have a cross-site scripting vulnerability, which stems from conditions that could lead to cross-site scripting attacks and Content Security Policy bypass.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
GitLab
Published
2025-06-20
Last Modified
2026-02-24
References
https://gitlab.com/gitlab-org/gitlab/-/issues/525363
https://hackerone.com/reports/3037340
https://vigilance.fr/vulnerability/GitLab-CE-EE-five-vulnerabilities-dated-23-04-2025-46942
Patch
https://packages.gitlab.com/gitlab/gitlab-ee