CVE-2025-5846 - CERT CVE
ID CVE-2025-5846
Sažetak An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.
Reference
CVSS
Base: 2.7
Impact: 1.4
Exploitability:1.2
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Zadnje važnije ažuriranje 26-06-2025 - 18:57
Objavljeno 26-06-2025 - 06:15