CNNVD-202602-2011 Information
CNNVD ID
CNNVD-202602-2011
Related CVE
- CNNVD Published: 2026-02-11
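Description (translated from Chinese)
GitLab is an end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery) and other features. GitLab EE 18.0.x versions before 18.6.6, 18.7.x versions before 18.7.4, and 18.8.x versions before 18.8.4 contain a code issue vulnerability, which stems from allowing authenticated users with specific permissions to make unauthorized requests to internal network services through the GitLab server.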
Description (English)
GitLab is an end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, and CI/CD (continuous integration and continuous delivery). GitLab EE 18.0.x versions before 18.6.6, 18.7.x versions before 18.7.4, and 18.8.x versions before 18.8.4 contain a code issue vulnerability, which stems from allowing an authenticated user with specific permissions to make unauthorized requests to internal network services through the GitLab server.
Vulnerability Type
Code issue
Affected Vendor
GitLab
Published
2026-02-11
Last Modified
2026-02-24
References
https://gitlab.com/gitlab-org/gitlab/-/issues/579171
https://hackerone.com/reports/3397752
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
https://access.redhat.com/security/cve/cve-2025-12575
Patch
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/