Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 9 of 67
CVE-2025-12704 | LOW | CVSS 3.5 | 2025
CVE-2025-12704 [LOW]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions. Scope: local; sid: resolved
debian
CVE-2025-12697 | LOW | CVSS 2.2 | 2025
CVE-2025-12697 [LOW]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions. Scope: local; sid: open
debian
CVE-2025-1763 | LOW | CVSS 8.7 | 2025
CVE-2025-1763 [HIGH]: gitlab - An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Scope: local; sid: resolved
debian
CVE-2025-12734 | LOW | CVSS 3.5 | 2025
CVE-2025-12734 [LOW]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles. Scope: local; sid: open
debian
CVE-2025-13611 | LOW | CVSS 2.0 | 2025
CVE-2025-13611 [LOW]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. Scope: local; sid: open
debian
CVE-2025-10867 | LOW | CVSS 3.5 | 2025
CVE-2025-10867 [LOW]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. Scope: local; sid: resolved
debian
CVE-2025-13781 | LOW | CVSS 6.5 | 2025
CVE-2025-13781 [MEDIUM]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. Scope: local; sid: resolved
debian
CVE-2025-7659 | LOW | CVSS 8.0 | 2025
CVE-2025-7659 [HIGH]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. Scope: local; sid: resolved
debian
CVE-2025-0555 | LOW | CVSS 7.7 | 2025
CVE-2025-0555 [HIGH]: gitlab - A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions. Scope: local; sid: resolved
debian
CVE-2025-6601 | LOW | CVSS 2.7 | 2025
CVE-2025-6601 [LOW]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow. Scope: local; sid: resolved
debian
CVE-2025-5195 | LOW | CVSS 4.3 | 2025
CVE-2025-5195 [MEDIUM]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. Scope: local; sid: resolved
debian
CVE-2025-10858 | LOW | CVSS 7.5 | 2025
CVE-2025-10858 [HIGH]: gitlab - An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. Scope: local; sid: resolved
debian
CVE-2025-6195 | LOW | CVSS 4.3 | 2025
CVE-2025-6195 [MEDIUM]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions. Scope: local; sid: resolved
debian
CVE-2025-8099 | LOW | CVSS 7.5 | 2025
CVE-2025-8099 [HIGH]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. Scope: local; sid: resolved
debian
CVE-2025-12073 | LOW | CVSS 4.3 | 2025
CVE-2025-12073 [MEDIUM]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. Scope: local; sid: reso
debian
CVE-2025-6945 | LOW | CVSS 3.5 | 2025
CVE-2025-6945 [LOW]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. Scope: local; sid: resolved
debian
CVE-2025-11990 | LOW | CVSS 3.1 | 2025
CVE-2025-11990 [LOW]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses. Scope: local; sid: resolved
debian
CVE-2025-1110 | LOW | CVSS 2.7 | 2025
CVE-2025-1110 [LOW]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. Scope: local; sid: open
debian
CVE-2025-14595 | LOW | CVSS 4.3 | 2025
CVE-2025-14595 [MEDIUM]: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control. Scope: local; sid: resolved
debian
CVE-2025-12653 | LOW | CVSS 6.5 | 2025
CVE-2025-12653 [MEDIUM]: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests. Scope: local; sid: resolved
debian