Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43 | HIGH 196 | MEDIUM 630 | LOW 456

Vulnerabilities

Page 3 of 67
CVE-2026-3857 | LOW | CVSS 8.1 | 2026 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
Scope: local; sid: resolved

CVE-2026-1069 | LOW | CVSS 7.5 | 2026 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.
Scope: local; sid: resolved

CVE-2026-1387 | LOW | CVSS 6.5 | 2026 | debian
[MEDIUM] gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause denial of service by uploading a malicious file and repeatedly querying it through GraphQL.
Scope: local; sid: resolved

CVE-2025-6454 | HIGH | CVSS 8.5 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.
Scope: local; sid: open

CVE-2025-11447 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.
Scope: local; sid: open

CVE-2025-10004 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs.
Scope: local; sid: open

CVE-2025-0475 | HIGH | CVSS 8.7 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
Scope: local; sid: open

CVE-2025-0376 | HIGH | CVSS 8.7 | fixed in gitlab 17.6.5-1 (sid) | 2025 | debian
[HIGH] gitlab - An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
Scope: local; sid: resolved (fixed in 17.6.5-1)

CVE-2025-12029 | HIGH | CVSS 8.0 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI.
Scope: local; sid: open

CVE-2025-13927 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.
Scope: local; sid: open

CVE-2025-2256 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.
Scope: local; sid: open

CVE-2025-11224 | HIGH | CVSS 7.7 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.
Scope: local; sid: open

CVE-2025-4439 | HIGH | CVSS 7.7 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks.
Scope: local; sid: open

CVE-2025-14511 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.
Scope: local; sid: open

CVE-2025-8405 | HIGH | CVSS 7.7 | 2025 | debian
[HIGH] gitlab - GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.
Scope: local; sid: open

CVE-2025-4700 | HIGH | CVSS 8.7 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS.
Scope: local; sid: open

CVE-2025-0314 | HIGH | CVSS 8.7 | fixed in gitlab 17.6.5-1 (sid) | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.
Scope: local; sid: resolved (fixed in 17.6.5-1)

CVE-2025-14560 | HIGH | CVSS 7.3 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow.
Scope: local; sid: open

CVE-2025-13928 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.
Scope: local; sid: open

CVE-2025-0993 | HIGH | CVSS 7.5 | 2025 | debian
[HIGH] gitlab - An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
Scope: local; sid: open

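The affected-version clauses in the entries above all use the same GitLab advisory phrasing ("from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1", or "all versions before 17.10.7, ..."). The Python below is an added example, not code from this tracker, from Debian or from GitLab: it parses those clauses into ranges and checks an installed version against them numerically, because a string comparison would order "18.10" before "18.8" and give a wrong answer for exactly the kind of multi-branch ranges listed here. It also strips the Debian epoch and revision from a package version such as 17.6.5-1 before comparing, since the advisories talk about upstream versions. Only "before" and "prior to" clauses are handled; the "from 13.12 to 18.2.8" wording of CVE-2025-10004 is deliberately not parsed, and the checker raises instead of reporting "not affected" when it finds no clause it understands. The two advisory texts embedded in the block are copied from the entries above; the package versions fed to it are made up for the demo.

```python
import re
from typing import List, Tuple

Version = Tuple[int, ...]

# One range clause in GitLab advisory phrasing. The lower bound is optional
# ("all versions before 17.10.7"); "before" / "prior to" is exclusive.
# Matches e.g. "from 17.10 before 18.8.7", "18.9 before 18.9.3",
# "15.10 prior to 17.7.6", "before 17.10.7".
_CLAUSE = re.compile(
    r"(?:(?:from\s+)?(\d+(?:\.\d+)*)\s+)?(?:before|prior to)\s+(\d+(?:\.\d+)*)"
)

# Advisory texts copied from the CVE-2026-3857 and CVE-2025-0993 entries above.
CVE_2026_3857 = (
    "GitLab has remediated an issue in GitLab CE/EE affecting all versions from "
    "17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could "
    "have allowed an unauthenticated user to execute arbitrary GraphQL mutations."
)
CVE_2025_0993 = (
    "An issue has been discovered in GitLab CE/EE affecting all versions before "
    "17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1."
)


def parse_version(text: str) -> Version:
    """'18.8.7' -> (18, 8, 7). Integer tuples compare numerically, so
    (18, 10) > (18, 8); the strings '18.10' < '18.8' would compare wrongly."""
    return tuple(int(part) for part in text.strip().split("."))


def upstream_version(debian_version: str) -> str:
    """Drop the Debian epoch and revision: '1:17.6.5-1' -> '17.6.5'.
    Debian package versions have the form [epoch:]upstream[-revision]."""
    without_epoch = debian_version.split(":", 1)[-1]
    return without_epoch.rsplit("-", 1)[0]


def affected_ranges(description: str) -> List[Tuple[Version, Version]]:
    """Return (lower_inclusive, upper_exclusive) pairs found in an advisory text.
    A missing lower bound becomes (0,), i.e. every earlier release."""
    ranges = []
    for low, high in _CLAUSE.findall(description):
        lower = parse_version(low) if low else (0,)
        ranges.append((lower, parse_version(high)))
    return ranges


def is_affected(installed: str, description: str) -> bool:
    """True if the installed (Debian or plain upstream) version falls inside any
    affected range. Raises when the text has no parseable clause, so unsupported
    phrasing such as 'from 13.12 to 18.2.8' is never silently treated as safe."""
    ranges = affected_ranges(description)
    if not ranges:
        raise ValueError("no 'before'/'prior to' range clause found in description")
    version = parse_version(upstream_version(installed))
    return any(low <= version < high for low, high in ranges)


if __name__ == "__main__":
    # Made-up package versions for the demo; the advisory texts above are real.
    for pkg in ("18.8.6-1", "1:18.8.7-1", "18.10.0-1", "17.6.5-1"):
        print(pkg,
              "CVE-2026-3857:", is_affected(pkg, CVE_2026_3857),
              "CVE-2025-0993:", is_affected(pkg, CVE_2025_0993))
```

Feed it the output of `dpkg-query -W -f '${Version}' gitlab` and the description text of each entry you care about; a version that sits exactly on a fixed release (18.8.7 for CVE-2026-3857) comes back as not affected, because the upper bound is exclusive.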