Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 4 of 67
CVE-2025-14513 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API. Scope: local sid: open
CVE-2025-6948 | HIGH | CVSS 8.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. Scope: local sid: open
CVE-2025-13929 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions. Scope: local sid: open
CVE-2025-2255 | HIGH | CVSS 8.7 | 2025 | debian
gitlab - An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). Scope: local sid: open
CVE-2025-2242 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. Scope: local sid: open
CVE-2025-0811 | HIGH | CVSS 8.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. Scope: local sid: open
CVE-2025-9642 | HIGH | CVSS 8.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover. Scope: local sid: open
CVE-2025-9958 | HIGH | CVSS 7.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed Guest users to access sensitive information stored in virtual registry configurations. Scope: local sid: open
CVE-2025-7734 | HIGH | CVSS 8.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. Scope: local sid: open
CVE-2025-8014 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits, leading to resource exhaustion and service disruption. Scope: local sid: open
CVE-2025-5121 | HIGH | CVSS 8.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group. Scope: local sid: open
CVE-2025-12562 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits. Scope: local sid: open
CVE-2025-1908 | HIGH | CVSS 7.7 | 2025 | debian
gitlab - An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Scope: local sid: open
CVE-2025-12664 | HIGH | CVSS 7.5 | 2025 | debian
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. Scope: local sid: open
CVE-2025-5996 | MEDIUM | CVSS 6.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. Scope: local sid: open
CVE-2025-1072 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.5.5-1 (sid) | 2025 | debian
gitlab - A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer. Scope: local sid: resolved (fixed in 17.5.5-1)
CVE-2025-3601 | MEDIUM | CVSS 6.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. Scope: local sid: open
CVE-2025-1250 | MEDIUM | CVSS 6.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. Scope: local sid: open
CVE-2025-1478 | MEDIUM | CVSS 6.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. Scope: local sid: open
CVE-2025-2937 | MEDIUM | CVSS 6.5 | 2025 | debian
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature. Scope: local sid: open