CNNVD-202507-1476 Information

CNNVD ID

CNNVD-202507-1476

Related CVE

CVE-2025-3396

• CNNVD Published: 2025-07-10

Description (Chinese)

GitLab Enterprise Edition（EE）是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 13.3至17.11.6之前版本、18.0至18.0.4之前版本和18.1至18.1.2之前版本存在安全漏洞，该漏洞源于认证项目所有者可能绕过组级别分叉限制。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security gap between Gitlab Enterprise 13.3 and 17.11.6, between 18.0 and 18.0.4 and between 18.1 and 18.1.2, which stems from the possibility that the owner of the authentication project may bypass the group level fork limitation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-07-10

Last Modified

2026-02-24

References

https://gitlab.com/gitlab-org/gitlab/-/issues/534636 https://hackerone.com/reports/3079956 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-09-07-2025-47672 https://nvd.nist.gov/vuln/detail/CVE-2025-3396

Patch

https://about.gitlab.com/