Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.
Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456
Vulnerabilities
Page 6 of 67
CVE-2025-4979 [MEDIUM] CVSS 4.9 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
Scope: local
sid: open
debian
CVE-2025-0362 [MEDIUM] CVSS 6.4 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.
Scope: local
sid: open
debian
CVE-2025-0605 [MEDIUM] CVSS 4.6 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
Scope: local
sid: open
debian
CVE-2025-9825 [MEDIUM] CVSS 5.0 (2025): gitlab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.
Scope: local
sid: open
debian
CVE-2025-5101 [MEDIUM] CVSS 5.0 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports.
Scope: local
debian
CVE-2025-1516 [MEDIUM] CVSS 6.5 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.
Scope: local
sid: open
debian
CVE-2025-1198 [MEDIUM] CVSS 4.2 (2025): gitlab (fixed in gitlab 17.6.5-1 (sid))
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
Scope: local
sid: resolved (fixed in 17.6.5-1)
debian
CVE-2025-1299 [MEDIUM] CVSS 4.3 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.
Scope: local
sid: open
debian
CVE-2025-2614 [MEDIUM] CVSS 6.5 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed.
Scope: local
sid: open
debian
CVE-2025-2246 [MEDIUM] CVSS 5.8 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.
Scope: local
sid: open
debian
CVE-2025-1477 [MEDIUM] CVSS 6.5 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.
Scope: local
sid: open
debian
CVE-2025-7000 [MEDIUM] CVSS 4.3 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests.
Scope: local
sid: open
debian
CVE-2025-13078 [MEDIUM] CVSS 6.5 (2025): gitlab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
Scope: local
sid: open
debian
CVE-2025-4976 [MEDIUM] CVSS 4.3 (2025): gitlab
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.
Scope: local
sid: open
debian
CVE-2025-11247 [MEDIUM] CVSS 4.3 (2025): gitlab
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.
Scope: local
sid: open
debian
CVE-2025-7337 [MEDIUM] CVSS 6.5 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files.
Scope: local
sid: open
debian
CVE-2025-0679 [MEDIUM] CVSS 4.3 (2025): gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
Scope: local
sid: open
debian
CVE-2025-3525 [MEDIUM] CVSS 6.5 (2025): gitlab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI triggers via the API.
Scope: local
sid: open
debian
CVE-2025-7449 [MEDIUM] CVSS 6.5 (2025): gitlab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing.
Scope: local
sid: open
debian
CVE-2025-0639 [MEDIUM] CVSS 6.5 (2025): gitlab
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Scope: local
sid: open
debian