CNNVD-202509-1823 Information
CNNVD ID
CNNVD-202509-1823
Related CVE
- CNNVD Published: 2025-09-12
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)10.7版本至18.1.6之前版本、18.2版本至18.2.6之前版本和18.3版本至18.3.2之前版本存在安全漏洞,该漏洞源于允许认证用户创建名称过大的令牌,可能导致令牌列表和相关管理操作中断。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security gap between GitLab Enterprise Education (EE) and GitLab Community Education (CE) versions 10.7 to 18.1.6, 18.2 to 18.2.6 and 18.3 to 18.3.2, which stems from allowing authentication users to create tokens with too large a name, which could lead to the interruption of the token list and associated management operations.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2025-09-12
Last Modified
2026-02-24
References
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/528469 https://hackerone.com/reports/3049089 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-10-09-2025-48195
Patch
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
Share on: