GitLab CE和EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 11.0 through 18.3.5 prior...

PT-2025-43135

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.0 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 GitLab CE/EE versions 18.5 through 18.5.0 Description An issue has been resolved in GitLab CE/EE that could allow an unauthenticated attacker to cause a denial...

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVE-2025-62645

The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is vulnerable: a remote authenticated attacker can obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. The evidence across multiple sources confirms an impersona...

Restaurant Brands International assistant platform 安全漏洞

Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

Linux Distros Unpatched Vulnerability : CVE-2025-11340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed...

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2. The vulnerabilities included an issue where specially constructed GraphQL queries could make large repository blobs unresponsive, and a flaw that allowed authenticated users with read-on...

BIT-GITLAB-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

CVE-2025-61602 BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId

BigBlueButton is an open-source virtual classroom. A denial-of-service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed reactionEmojiId in the GraphQL mutation...

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

UBUNTU-CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

UBUNTU-CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

EUVD-2025-33334

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

CVE-2025-10004

CVE-2025-10004 affects GitLab CE/EE versions 13.12 through 18.2.8, 18.3 through 18.3.4, and 18.4 through 18.4.2. The issue allows crafted GraphQL queries to request large repository blobs, potentially making a GitLab instance unresponsive or severely degraded. A remediation has been released; Git...

CVE-2025-10004

Removed by vendor...