https://x7peeps.com/tags/CVE-2024-5655/index.htmlHugozh-CNSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/GitLab_CE_EE_%E9%A2%84%E8%AE%A4%E8%AF%81RCE_%E8%B4%A6%E6%88%B7%E6%8E%A5%E7%AE%A1_CI_Ci%E7%AE%A1%E9%81%93%E5%8A%AB%E6%8C%81_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/GitLab_CE_EE_%E9%A2%84%E8%AE%A4%E8%AF%81RCE_%E8%B4%A6%E6%88%B7%E6%8E%A5%E7%AE%A1_CI_Ci%E7%AE%A1%E9%81%93%E5%8A%AB%E6%8C%81_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html深入分析 GitLab CE/EE 的预认证 RCE 漏洞链、CVE-2023-7028 账户接管、CVE-2024-5655 管道冒充、CVE-2021-22205 ExifTool RCE、CI/CD 管道投毒、GraphQL API 滥用、SSRF、XSS 持久化等完整攻击面，覆盖 2018-2025 年高危 CVE 漏洞链及蓝队检测与应急响应