CNNVD-202506-2798 Information
CNNVD ID
CNNVD-202506-2798
Related CVE
- CNNVD Published: 2025-06-20
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition和GitLab Community Edition 17.11至17.11.4之前版本和18.0至18.0.2之前版本存在安全漏洞,该漏洞源于缺少授权检查,可能导致合规框架应用于合规框架组之外的项目。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security loophole in Gitlab Enterprise Edition and Gitlab Community 17.11-17.11.4 and 18.0-18.0.2, which stems from a lack of authorized inspections and may lead to the application of the compliance framework to projects outside the compliance framework group.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2025-06-20
Last Modified
2026-02-24
References
https://gitlab.com/gitlab-org/gitlab/-/issues/545429 https://hackerone.com/reports/3153908
Patch
https://packages.gitlab.com/gitlab/gitlab-ee
Share on: