CNNVD-202510-1279 Information

Oct 09, 2025 cve

CNNVD ID

CNNVD-202510-1279

CVE-2025-11340

  • CNNVD Published: 2025-10-09

Description (Chinese)

GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition(EE) 18.3版本至18.3.4版本和18.4版本至18.4.2版本存在安全漏洞,该漏洞源于GraphQL突变范围不正确,可能导致具有只读API令牌的认证用户执行未经授权的写入操作。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security loophole between versions 18.3 to 18.3.4 and 18.4 to 18.4.2 of GitLab Enterprise (EE) versions 18.3 to 18.4.2, which stems from the incorrect scope of the GramphQL mutation, which may result in unauthorized writing by a certified user with only API-reading tokens.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-10-09

Last Modified

2026-02-24

References

https://gitlab.com/gitlab-org/gitlab/-/issues/567847 https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ https://access.redhat.com/security/cve/cve-2025-11340 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-08-10-2025-48417

Patch

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

Share on: