CNNVD-202509-4240 Information
CNNVD ID
CNNVD-202509-4240
Related CVE
- CNNVD Published: 2025-09-27
Description (Chinese)
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab EE和CE 11.10版本至18.2.7之前版本、18.3版本至18.3.3之前版本和18.4版本至18.4.1之前版本存在安全漏洞,该漏洞源于未经验证的用户可能绕过查询复杂度限制,可能导致资源耗尽和服务中断。
Description (English)
GitLab is an open-source end-to-end software development platform for United States GitLab with built-in version control, problem tracking, code review, CI/CD (continuous integration and continuous delivery). There is a security gap between GitLab EE and CE 11.10 to 18.2.7, 18.3 to 18.3.3 and 18.4 to 18.4.1, which stems from the fact that uncertified users may circumvent the complexity limits of the query, which may lead to resource depletion and disruption of services.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2025-09-27
Last Modified
2026-02-24
References
https://gitlab.com/gitlab-org/gitlab/-/issues/556838 https://hackerone.com/reports/3228134 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-26-09-2025-48317 https://access.redhat.com/security/cve/cve-2025-8014