← volver
CVE-2025-12653

Authentication Bypass by Spoofing in GitLab

CVSS 6.5 MEDIUMEPSS 0.2%CWE-290
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/https://gitlab.com/gitlab-org/gitlab/-/issues/579372https://hackerone.com/reports/3370245