CNNVD-202601-1664 Information
CNNVD ID
CNNVD-202601-1664
Related CVE
- CNNVD Published: 2026-01-09
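Description (translated from Chinese)
GitLab Enterprise Edition (EE) is a content management system from the US company GitLab. GitLab Enterprise Edition (EE) versions before 18.5.5, before 18.6.3 and before 18.7.1 contain a security vulnerability that stems from a missing authorization check in a GraphQL mutation and may allow an authenticated user to modify instance-wide AI feature provider settings.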
Description (English)
GitLab Enterprise Edition (EE) is a content management system from GitLab, a US company. GitLab Enterprise Edition (EE) versions prior to 18.5.5, prior to 18.6.3 and prior to 18.7.1 contain a security vulnerability caused by a missing authorization check in a GraphQL mutation, which may allow an authenticated user to modify instance-wide AI feature provider settings.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
GitLab
Published
2026-01-09
Last Modified
2026-02-24
References
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/578756
https://hackerone.com/reports/3400940
Patch
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/