6.5

CVE-2026-4527

Exploit

Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 11.10.0 < 18.9.7
GitlabGitLab SwEditionenterprise Version >= 11.10.0 < 18.9.7
GitlabGitLab SwEditioncommunity Version >= 18.10.0 < 18.10.6
GitlabGitLab SwEditionenterprise Version >= 18.10.0 < 18.10.6
GitlabGitLab SwEditioncommunity Version >= 18.11.0 < 18.11.3
GitlabGitLab SwEditionenterprise Version >= 18.11.0 < 18.11.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.012
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@gitlab.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.