CVE Details
Basic Information
| Title | Missing Authentication for Critical Function in GitLab Language Server |
|---|---|
| Type | cve |
| Published | 2025-07-28T14:04:28.764Z |
| Modified | 2025-07-28T14:23:37.024Z |
Product Information
| Vendor | GitLab |
|---|---|
| Product | GitLab Language Server |
| Version | 7.6.0 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |
AI Analysis
| AI Description | Insufficient input validation in GitLab Language Server versions 7.6.0 and later before 7.30.0 allows unauthorized execution of arbitrary GraphQL queries. |
|---|---|
| AI Severity | Critical |
| AI Vendor | GitLab |
| AI Product | GitLab Language Server |
| AI Version | 7.6.0 |
Affected Products
- GitLab GitLab Language Server 7.6.0
Additional Information
| CWE List | CWE-306 |
|---|---|
| Source | GitLab |
Description
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution.