CVE-2025-4278

Опубликовано: 12 июн. 2025

Источник: debian

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	not-affected			package

Связанные уязвимости

CVE-2025-4278

CVSS3: 8.7

ubuntu

8 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

CVE-2025-4278

CVSS3: 8.7

nvd

8 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

GHSA-wjcq-cqhf-f7rm

CVSS3: 8.7

github

8 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

BDU:2025-06829

CVSS3: 8.7

fstec

8 месяцев назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю получить доступ к аккаунту пользователя