ГлавнаяУязвимости → CVE-2025-11340
7.7высокая

CVE-2025-11340

Описание

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

Затрагиваемое ПО
Gitlab Gitlab
CVSS
Балл7.7 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Источники
https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/https://gitlab.com/gitlab-org/gitlab/-/issues/567847