CNNVD-202508-3175 Information

Aug 27, 2025 cve

CNNVD ID

CNNVD-202508-3175

CVE-2025-2246

CNNVD Published: 2025-08-27

Description (Chinese)

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 18.1.5之前版本、18.2 18.2.5之前版本和18.3 18.3.1之前版本存在安全漏洞，该漏洞源于访问控制不当，可能导致敏感信息泄露。

Description (English)

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security loophole between GitLab Enterprise Education (EE) and GitLab Community Education (CE) 18.1.5, 18.2 18.2.5 and 18.3 18.3.1, which stems from inappropriate access controls and may lead to the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-08-27

Last Modified

2026-02-24

References

https://hackerone.com/reports/3026559 https://gitlab.com/gitlab-org/gitlab/-/issues/524592 https://nvd.nist.gov/vuln/detail/CVE-2025-2246

Patch

https://about.gitlab.com/

Share on: