CNNVD-202511-2848 Information
CNNVD ID
CNNVD-202511-2848
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab CE/EE 18.3版本至18.4.5之前版本、18.5版本至18.5.3之前版本和18.6版本至18.6.1之前版本存在安全漏洞,该漏洞源于特定条件下未经验证用户可通过更改请求标头加入任意组织。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security loophole between Gitlab CE/EE 18.3 and 18.4.5, between 18.5 and 18.5.3 and between 18.6 and 18.6.1, which stems from the fact that, under certain conditions, uncertified users can join any organization by changing the header of the request.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2025-11-26
Last Modified
2026-02-24
References
https://hackerone.com/reports/3370245 https://gitlab.com/gitlab-org/gitlab/-/issues/579372 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-26-11-2025-48877 https://access.redhat.com/security/cve/cve-2025-12653
Patch
https://packages.gitlab.com/gitlab/gitlab-ee
Share on: