Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 10 of 67
CVE-2025-12983 | LOW | CVSS 3.5 | 2025
[LOW] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formatting patterns. Scope: local | sid: open
CVE-2025-11974 | LOW | CVSS 6.5 | 2025
[MEDIUM] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints. Scope: local | sid: resolved
CVE-2025-6186 | LOW | CVSS 8.7 | 2025
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. Scope: local | sid: resolved
CVE-2025-10497 | LOW | CVSS 7.5 | 2025
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads. Scope: local | sid: resolved
CVE-2025-11865 | LOW | CVSS 4.3 | 2025
[MEDIUM] gitlab - An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user. Scope: local | sid: resolved
CVE-2025-5069 | LOW | CVSS 3.5 | 2025
[LOW] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project. Scope: local | sid: resolved
CVE-2025-4972 | LOW | CVSS 2.7 | 2025
[LOW] gitlab - An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality. Scope: local | sid: resolved
CVE-2025-13772 | LOW | CVSS 7.1 | 2025
[HIGH] gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. Scope: local | sid: resolved
CVE-2025-1257 | LOW | CVSS 6.5 | 2025
[MEDIUM] gitlab - An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. Scope: local | sid: resolved
CVE-2025-5846 | LOW | CVSS 2.7 | 2025
[LOW] gitlab - An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks. Scope: local | sid: resolved
CVE-2025-6168 | LOW | CVSS 2.7 | 2025
[LOW] gitlab - An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests. Scope: local | sid: resolved
CVE-2025-1540 | LOW | CVSS 3.1 | fixed in gitlab 17.6.5-1 (sid) | 2025
[LOW] gitlab - An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances. Scope: local | sid: resolved (fixed in 17.6.5-1)
CVE-2025-11702 | LOW | CVSS 8.5 | 2025
[HIGH] gitlab - GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects. Scope: local | sid: resolved
CVE-2025-2045 | LOW | CVSS 4.3 | 2025
[MEDIUM] gitlab - Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows users with limited permissions to access potentially sensitive project analytics data. Scope: local | sid: resolved
CVE-2025-5982 | LOW | CVSS 3.7 | 2025
[LOW] gitlab - An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. Scope: local | sid: open
CVE-2025-4278 | LOW | CVSS 8.7 | 2025
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover. Scope: local | sid: resolved
CVE-2025-3396 | LOW | CVSS 4.3 | 2025
[MEDIUM] gitlab - An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests. Scope: local | sid: resolved
CVE-2025-14592 | LOW | CVSS 3.7 | 2025
[LOW] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. Scope: local | sid: resolved
CVE-2024-7102 | CRITICAL | CVSS 9.6 | fixed in gitlab 17.5.5-1 (sid) | 2024
[CRITICAL] gitlab - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. Scope: local | sid: resolved (fixed in 17.5.5-1)
CVE-2024-0402 | CRITICAL | CVSS 9.9 | fixed in gitlab 16.6.6-1 (sid) | 2024
[CRITICAL] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Scope: local | sid: resolved (fixed in 16.6.6-1)
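Every advisory in this listing states its affected versions in the same shape: one or more "from X before Y" / "A prior to B" clauses, one per supported release branch, where the lower bound is a minor release and the upper bound is the patch release carrying the fix. The Python below is an added example, not code from this listing, from GitLab or from Debian: it parses those clauses into half-open version ranges and checks a GitLab version, given either as an upstream version or as a Debian package version such as 17.6.5-1, against them. The SAMPLE_ADVISORIES dictionary is constructed here from five phrases copied out of the entries above; the function names are this example's own.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed sample: affected-version phrases copied from the advisory
# descriptions in the listing above (the CVE IDs are real; the dict is ours).
SAMPLE_ADVISORIES: Dict[str, str] = {
    "CVE-2025-12983": "affecting all versions from 16.9 before 18.3.6, "
                      "18.4 before 18.4.4, and 18.5 before 18.5.2",
    "CVE-2025-1257": "affecting all versions starting with 12.3 before 17.7.7, "
                     "17.8 prior to 17.8.5, and 17.9 prior to 17.9.2",
    "CVE-2025-4278": "affecting all versions starting with 18.0 before 18.0.2",
    "CVE-2024-7102": "affecting all versions starting from 16.4 prior to 17.5.0",
    "CVE-2025-6186": "affecting all versions from 18.1 before 18.1.4, "
                     "and 18.2 before 18.2.2",
}

# One half-open range: "<lower> before|prior to <upper>". GitLab writes the
# lower bound as a minor release ("16.9") and the upper bound as the patch
# release that contains the fix ("18.3.6"), so the range is [lower, upper).
RANGE_RE = re.compile(r"(\d+(?:\.\d+)*)\s+(?:before|prior to)\s+(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Version:
    """'16.9' -> (16, 9, 0); '18.3.6' -> (18, 3, 6).

    Zero-padding to three components makes a minor-release lower bound
    include its .0 patch release and keeps plain tuple comparison correct.
    """
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def upstream_version(debian_version: str) -> str:
    """Strip a Debian epoch and revision: '1:17.6.5-1' -> '17.6.5'.

    The epoch ends at the first ':'; the revision starts at the last '-'.
    A bare upstream version passes through unchanged.
    """
    rest = debian_version.split(":", 1)[-1]
    return rest.rpartition("-")[0] if "-" in rest else rest


def parse_ranges(description: str) -> List[Tuple[Version, Version]]:
    """Extract every [lower, upper) range from an advisory sentence."""
    return [(parse_version(lo), parse_version(hi))
            for lo, hi in RANGE_RE.findall(description)]


def is_affected(version: str, description: str) -> bool:
    """True if `version` falls inside any range the advisory lists.

    A version at or above the upper bound of its branch is fixed. A version
    on a branch the advisory does not list at all (e.g. 18.3.7 against the
    CVE-2025-12983 ranges) is also not affected, which is what the gap
    between one branch's fix release and the next branch's lower bound means.
    """
    v = parse_version(upstream_version(version))
    return any(lo <= v < hi for lo, hi in parse_ranges(description))


def affected_cves(version: str,
                  advisories: Dict[str, str] = SAMPLE_ADVISORIES) -> List[str]:
    """Sorted CVE IDs from `advisories` whose ranges cover `version`."""
    return sorted(cve for cve, desc in advisories.items()
                  if is_affected(version, desc))


if __name__ == "__main__":
    for candidate in ("17.6.5-1", "18.0.1", "18.3.5", "18.3.6"):
        print(candidate, "->", affected_cves(candidate) or "none of the sampled CVEs")
```

Two caveats for anyone using this against a real Debian host. The upstream ranges say nothing about backports: where the listing records "fixed in gitlab 17.6.5-1 (sid)", that Debian status, not the raw upstream range, is the authoritative answer for the packaged build, and a Debian revision can carry a patch that the upstream version number does not reveal. The check also ignores the CE/EE distinction several entries make (for example CVE-2025-11702 and CVE-2025-5846 affect EE only), so an EE-only CVE reported against a CE install is a false positive that needs to be filtered by edition.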