apk package
chainguard/gitlab-runner-oci-entrypoint-fips-18.8
pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.8
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1182 | — | < 18.8.0-r5 | 18.8.0-r5 | Mar 12, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain | ||
| CVE-2026-0595 | — | < 18.8.0-r2 | 18.8.0-r2 | Feb 11, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML in | ||
| CVE-2026-1094 | — | < 18.8.0-r2 | 18.8.0-r2 | Feb 11, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. | ||
| CVE-2026-1282 | — | < 18.8.0-r2 | 18.8.0-r2 | Feb 11, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. | ||
| CVE-2026-1456 | — | < 18.8.0-r2 | 18.8.0-r2 | Feb 11, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger expo | ||
| CVE-2026-1458 | — | < 18.8.0-r2 | 18.8.0-r2 | Feb 11, 2026 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files. |
- CVE-2026-1182Mar 12, 2026affected < 18.8.0-r5fixed 18.8.0-r5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain
- CVE-2026-0595Feb 11, 2026affected < 18.8.0-r2fixed 18.8.0-r2
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML in
- CVE-2026-1094Feb 11, 2026affected < 18.8.0-r2fixed 18.8.0-r2
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.
- CVE-2026-1282Feb 11, 2026affected < 18.8.0-r2fixed 18.8.0-r2
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.
- CVE-2026-1456Feb 11, 2026affected < 18.8.0-r2fixed 18.8.0-r2
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger expo
- CVE-2026-1458Feb 11, 2026affected < 18.8.0-r2fixed 18.8.0-r2
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.