CNNVD-202507-3060 Information

CNNVD ID

CNNVD-202507-3060

Related CVE

CVE-2025-4976

• CNNVD Published: 2025-07-24

Description (Chinese)

GitLab Enterprise Edition（EE）是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 17.0至18.0.5之前版本、18.1至18.1.3之前版本和18.2至18.2.1之前版本存在安全漏洞，该漏洞源于攻击者可能访问GitLab Duo响应中的内部注释。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security loophole in previous versions of GitLab Enterprise 17.0-18.0.5, 18.1-18.1.3 and 18.2-18.2.1, which stems from internal comments in the response of the assailants who may visit GitLab Duo.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-07-24

Last Modified

2026-02-24

References

https://gitlab.com/gitlab-org/gitlab/-/issues/543905 https://hackerone.com/reports/3149956

Patch

https://packages.gitlab.com/gitlab/gitlab-ee