60 matches found

CNNVD
added 2026/05/28 12:00 a.m. | 6 views

GitLab Security Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (Continuous Integration and Delivery). Vulnerabilities exist in versions of GitLab CE/EE before 18.10.7,...

CVSS 4.3 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 3

NVD
added 2026/03/25 5:17 p.m. | 1 view

CVE-2026-3988

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

CVSS 7.5 | EPSS 0.00233
Exploits: 0 | References: 3

BDU FSTEC
added 2025/07/28 12:00 a.m. | 2 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to incorrect authentication, allows a hacker to bypass existing security restrictions.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

CVSS 4.3 | AI score 5.5 | EPSS 0.00071
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/07/28 12:00 a.m. | 1 view

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows unauthorized users to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 4.3 | AI score 5.6 | EPSS 0.00071
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/07/03 12:00 a.m. | 1 view

The vulnerability of the GraphQL API interface of the software platform based on Git for collaborative code development on GitLab allows a hacker to trigger a service failure.

The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to unlimited resource distribution. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures by sending specially craft...

CVSS 6.8 | AI score 5.5 | EPSS 0.00244
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/26 12:00 a.m. | 1 view

The vulnerability of the GraphQL API interface of the software platform based on Git for collaborative code development on GitLab allows a hacker to perform a CSRF attack.

The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to the manipulation of inter-site requests. Exploiting this vulnerability allows an attacker operating remotely to perform a CSRF attack...

CVSS 9.4 | AI score 5.8 | EPSS 0.00093
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/06/17 12:00 a.m. | 1 view

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from the lack of protective measures for website structures, allowing attackers to gain access to user accounts.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to a user’s account...

CVSS 8.7 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/13 12:00 a.m. | 1 view

The vulnerability of the tool for viewing content parameters on a software platform based on Git, which is used for collaborative code development on GitLab, stems from the lack of protective measures for website structures, allowing attackers to carry out XSS attacks.

The vulnerability of the tool for viewing content parameters on the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS...

CVSS 8.7 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/05/23 12:00 a.m. | 2 views

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, allows a malicious actor to cause a system failure.

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, is related to insufficient memory allocation for operations. Exploiting this vulnerability can allow a malicious actor to cause a system...

CVSS 4.3 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/05/02 12:00 a.m. | 1 view

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in its unlimited resource distribution, which allows attackers to trigger service interruptions.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 6.8 | AI score 5.5 | EPSS 0.00161
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/04/15 12:00 a.m. | 1 view

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from an improper limitation on the visible layers of the user interface. This allows attackers to perform spoofing attacks.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...

CVSS 6.6 | AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/04/15 12:00 a.m. | 3 views

The vulnerability of the “Subscriptions” module in the GraphQL API of the software platform based on Git for collaborative code development on GitLab allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the “Subscriptions” module in the GraphQL API of the software platform based on Git for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass security restrictions and gain...

CVSS 5.3 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/03/30 12:00 a.m. | 2 views

The vulnerability of the Application Security (AppSec) module of a software platform based on Git for collaborative code development on GitLab allows attackers to perform cross-site scripting attacks.

The vulnerability of the Application Security (AppSec) module of a Git-based software development platform for collaborative code editing on GitLab is related to the lack of protective measures for website structures. Exploiting this vulnerability allows an attacker operating remotely to perform...

CVSS 8.7 | AI score 5.3 | EPSS 0.00135
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/03/30 12:00 a.m. | 1 view

The vulnerability of the Harbor Registry module of the Git-based software platform for collaborative code development on GitLab allows a hacker to execute arbitrary code.

The vulnerability of the Harbor Registry module of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 3.7 | AI score 5.9 | EPSS 0.00036
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/03/17 12:00 a.m. | 1 view

The vulnerability in the implementation of the SAML SSO protocol for the Ruby SAML library and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO protocol implementation for the Ruby SAML library and the Git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass...

CVSS 9.4 | AI score 7.5 | EPSS 0.03321
Exploits: 1 | References: 11 | Affected Software: 4

BDU FSTEC
added 2025/03/17 12:00 a.m. | 2 views

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass authentication processes...

CVSS 9.4 | AI score 7.5 | EPSS 0.20843
Exploits: 1 | References: 10 | Affected Software: 4

CNNVD
added 2025/02/12 12:00 a.m. | 1 view

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from improper privilege...

CVSS 4.3 | AI score 6.7 | EPSS 0.00028
Exploits: 1 | References: 2

BDU FSTEC
added 2025/01/27 12:00 a.m. | 2 views

The vulnerability of the GraphQL Query Handler component of the software platform based on Git, which is used for collaborative code development in GitLab EE/CE, allows a perpetrator to access confidential information.

The vulnerability of the GraphQL Query Handler component in the Git-based software platform, which is used for collaborative code development in GitLab EE/CE, is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to gain access to confidential...

CVSS 5.3 | AI score 5.6 | EPSS 0.00155
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/01/20 12:00 a.m. | 1 view

The vulnerability of the Session Token Handler component of the software platform based on Git for collaborative code development on GitLab allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Session Token Handler component in the Git-based software development platform, which is used for collaborative code development on GitLab, is related to context switching errors during privilege handling. Exploiting this vulnerability can allow an attacker, operating...

CVSS 6.8 | AI score 5.5 | EPSS 0.00026
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/01/20 12:00 a.m. | 4 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to the manipulation of inter-site requests, allows a perpetrator to carry out a CSRF attack.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

CVSS 5.5 | AI score 5.4 | EPSS 0.00184
Exploits: 1 | References: 3 | Affected Software: 1