CNNVD-202507-1477 Information

CNNVD ID

CNNVD-202507-1477

Related CVE

CVE-2025-4972

• CNNVD Published: 2025-07-10

Description (Chinese)

GitLab Enterprise Edition（EE）是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 18.0至18.0.4之前版本和18.1至18.1.2之前版本存在安全漏洞，该漏洞源于认证用户可能绕过组级别用户邀请限制。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security loophole in previous versions of Gitlab Enterprise 18.0 to 18.0.4, and prior versions of 18.1 to 18.1.2, which stems from the possibility that the authentication user may bypass the group level user invitation limit.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-07-10

Last Modified

2026-02-24

References

https://hackerone.com/reports/3148693 https://gitlab.com/gitlab-org/gitlab/-/issues/543816 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-09-07-2025-47672 https://nvd.nist.gov/vuln/detail/CVE-2025-4972

Patch

https://about.gitlab.com/