Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43 | HIGH 196 | MEDIUM 630 | LOW 456

Vulnerabilities

Page 8 of 67
CVE-2025-13761 | LOW | CVSS 8.0 | 2025
[HIGH] CVE-2025-13761: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. Scope: local; sid: resolved
CVE-2025-12575 | LOW | CVSS 5.4 | 2025
[MEDIUM] CVE-2025-12575: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. Scope: local; sid: resolved
CVE-2025-11989 | LOW | CVSS 3.7 | 2025
[LOW] CVE-2025-11989: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions. Scope: local; sid: resolved
CVE-2025-2469 | LOW | CVSS 3.7 | 2025
[LOW] CVE-2025-2469: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. Scope: local; sid: resolved
CVE-2025-11340 | LOW | CVSS 7.7 | 2025
[HIGH] CVE-2025-11340: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, and 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations. Scope: local; sid: resolved
CVE-2025-9222 | LOW | CVSS 8.7 | 2025
[HIGH] CVE-2025-9222: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. Scope: local; sid: resolved
CVE-2025-14594 | LOW | CVSS 3.5 | 2025
[LOW] CVE-2025-14594: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to view certain pipeline values by querying the API. Scope: local; sid: resolved
CVE-2025-2498 | LOW | CVSS 3.1 | 2025
[LOW] CVE-2025-2498: gitlab - An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 could, under certain conditions, have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. Scope: local; sid: open
CVE-2025-8770 | LOW | CVSS 6.5 | 2025
[MEDIUM] CVE-2025-8770: gitlab - An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers. Scope: local; sid: resolved
CVE-2025-10871 | LOW | CVSS 3.8 | 2025
[LOW] CVE-2025-10871: gitlab - An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers could assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges. Scope: local; sid: open
CVE-2025-2938 | LOW | CVSS 3.1 | 2025
[LOW] CVE-2025-2938: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects, where role modifications during the approval process resulted in unintended permission grants. Scope: local; sid: open
CVE-2025-0673 | LOW | CVSS 7.5 | 2025
[HIGH] CVE-2025-0673: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2 that allows an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. Scope: local; sid: resolved
CVE-2025-2254 | LOW | CVSS 8.7 | 2025
[HIGH] CVE-2025-2254: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality leads to cross-site scripting attacks. Scope: local; sid: resolved
CVE-2025-2443 | LOW | CVSS 8.7 | 2025
[HIGH] CVE-2025-2443: gitlab - An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Scope: local; sid: resolved
CVE-2025-7739 | LOW | CVSS 8.7 | 2025
[HIGH] CVE-2025-7739: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions. Scope: local; sid: resolved
CVE-2025-9484 | LOW | CVSS 4.3 | 2025
[MEDIUM] CVE-2025-9484: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, under certain circumstances, could have allowed an authenticated user to access other users' email addresses via certain GraphQL queries. Scope: local; sid: resolved
CVE-2025-1042 | LOW | CVSS 4.9 | 2025
[MEDIUM] CVE-2025-1042: gitlab - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way. Scope: local; sid: resolved
CVE-2025-12571 | LOW | CVSS 7.5 | 2025
[HIGH] CVE-2025-12571: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads. Scope: local; sid: resolved
CVE-2025-10868 | LOW | CVSS 3.5 | 2025
[LOW] CVE-2025-10868: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs. Scope: local; sid: open
CVE-2025-0765 | LOW | CVSS 4.3 | 2025
[MEDIUM] CVE-2025-0765: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses. Scope: local; sid: resolved