CVE - CVE-2025-13335-

重大度: MEDIUM
公開日: 2026-01-22
更新日: 2026-01-22

概要

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection.

このCVEに関連するMITRE ATT&CKテクニック

T1583.007 - Serverless
T1027.009 - Embedded Payloads
T1492 - Stored Data Manipulation
T1192 - Spearphishing Link
T1652 - Device Driver Discovery
T1499.004 - Application or System Exploitation
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1058 - Service Registry Permissions Weakness
T1029 - Scheduled Transfer
T1525 - Implant Internal Image
T1076 - Remote Desktop Protocol
T1218.015 - Electron Applications
T1145 - Private Keys
T1555.003 - Credentials from Web Browsers
T1155 - AppleScript
T1563 - Remote Service Session Hijacking
T1681 - Search Threat Vendor Data
T1177 - LSASS Driver
T1546.008 - Accessibility Features
T1649 - Steal or Forge Authentication Certificates
T1218.005 - Mshta
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1534 - Internal Spearphishing
T1219.003 - Remote Access Hardware
T1571 - Non-Standard Port
T1055.012 - Process Hollowing
T1110.004 - Credential Stuffing
T1556.006 - Multi-Factor Authentication
T1187 - Forced Authentication
T1486 - Data Encrypted for Impact
T1595.003 - Wordlist Scanning
T1608.003 - Install Digital Certificate
T1553.004 - Install Root Certificate
T1499 - Endpoint Denial of Service
T1213.003 - Code Repositories
T1543.001 - Launch Agent
T1223 - Compiled HTML File
T1555.004 - Windows Credential Manager
T1564.005 - Hidden File System
T1136 - Create Account
T1052 - Exfiltration Over Physical Medium
T1055.008 - Ptrace System Calls
T1653 - Power Settings
T1596.005 - Scan Databases
T1591.001 - Determine Physical Locations
T1127 - Trusted Developer Utilities Proxy Execution

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

← CVE一覧に戻る