CNNVD-202602-2008 Information
CNNVD ID
CNNVD-202602-2008
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 18.6.6之前版本的18.6.x版本、18.7.4之前版本的18.7.x版本和18.8.4之前版本的18.8.x版本存在安全漏洞,该漏洞源于通过GLQL API端点提交GraphQL变更,可能导致经过身份验证的用户执行未经授权的操作。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security gap between GitLab Enterprise Education (EE) and GitLab Community Education (CE) version 18.6.x, version 18.7.x, version 18.7.4 and version 18.8.x, version 18.8.04, which originates from the submission of GramQL changes through the GLQL API endpoint, which may lead to unauthorized operations by an identified user.
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2026-02-11
Last Modified
2026-02-24
References
https://gitlab.com/gitlab-org/gitlab/-/issues/583961 https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ https://hackerone.com/reports/3451435 https://access.redhat.com/security/cve/cve-2025-14592
Patch
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
Share on: