CNNVD-202512-2228 Information
CNNVD ID
CNNVD-202512-2228
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition(EE) 18.4.6之前版本、18.5版本至18.5.4之前版本和18.6版本至18.6.2之前版本存在安全漏洞,该漏洞源于执行特制GraphQL查询可能导致泄露敏感信息。
Description (English)
GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security gap between GitLab Enterprise Application (EE) pre-version 18.4.6, 18.5 to 18.5.4 and 18.6 to 18.6.2, which stems from the risk of leaking sensitive information as a result of the ad hoc GraphQL query.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2025-12-11
Last Modified
2026-02-24
References
https://hackerone.com/reports/3307422 https://gitlab.com/gitlab-org/gitlab/-/issues/573766 https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-10-12-2025-49064
Patch
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
Share on: