CNNVD-202602-2006 Information
CNNVD ID
CNNVD-202602-2006
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
GitLab是美国GitLab公司的一个端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab CE/EE 18.6.6之前版本、18.7.4之前版本和18.8.4之前版本存在访问控制错误漏洞,该漏洞源于Web IDE验证不完整,可能导致未经验证的用户窃取令牌并访问私有仓库。
Description (English)
GitLab is an end-to-end software development platform for the United States company GitLab with built-in version control, problem tracking, code review, CI/CD (continuous integration and continuous delivery). Prior to Gitlab CE/EE 18.6.6.6, pre 18.7.4 and pre 18.8.4, there was a bug in access control, which stemmed from the incomplete authentication of Web IDE, which could lead to unauthorized users stealing tokens and visiting private warehouses.
Vulnerability Type
访问控制错误
Affected Vendor
GitLab
Published
2026-02-11
Last Modified
2026-02-24
References
https://hackerone.com/reports/3234976 https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/555440 https://access.redhat.com/security/cve/cve-2025-7659
Patch
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
Share on: