VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2025-4225Aug 27, 2025
    affected >= 14.1.0, < 18.1.5fixed 18.1.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by

  • CVE-2025-5101Aug 27, 2025
    affected < 18.1.5fixed 18.1.5

    An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taki

  • CVE-2024-10219Aug 13, 2025
    affected >= 15.6.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing speci

  • CVE-2024-12303Aug 13, 2025
    affected >= 17.7.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential

  • CVE-2025-1477Aug 13, 2025
    affected >= 8.14.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integr

  • CVE-2025-2498Aug 13, 2025
    affected >= 12.0.0, < 18.0.6fixed 18.0.6

    An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

  • CVE-2025-2614Aug 13, 2025
    affected >= 11.6.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessi

  • CVE-2025-2937Aug 13, 2025
    affected >= 13.2.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki f

  • CVE-2025-5819Aug 13, 2025
    affected >= 15.7.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.

  • CVE-2025-6186Aug 13, 2025
    affected >= 18.1.0, < 18.1.4fixed 18.1.4

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

  • CVE-2025-7739Aug 13, 2025
    affected >= 18.2.0, < 18.2.2fixed 18.2.2

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.

  • CVE-2025-7734Aug 13, 2025
    affected >= 14.2.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

  • CVE-2025-8770Aug 13, 2025
    affected >= 18.0.0, < 18.0.6fixed 18.0.6

    An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule iden

  • CVE-2025-0765Jul 24, 2025
    affected >= 17.9.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

  • CVE-2025-1299Jul 24, 2025
    affected >= 15.4.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment

  • CVE-2025-4976Jul 24, 2025
    affected >= 17.0.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

  • CVE-2025-7001Jul 24, 2025
    affected >= 15.0.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable.

  • CVE-2025-4439Jul 23, 2025
    affected >= 15.10.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content deliv

  • CVE-2025-4700Jul 23, 2025
    affected >= 15.10.0, < 18.0.5fixed 18.0.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS

  • CVE-2025-3396Jul 10, 2025
    affected >= 13.3.0, < 18.0.1fixed 18.0.1

    An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

Page 10 of 54