VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2025-2254Jun 12, 2025
    affected >= 17.9.0, < 18.0.2fixed 18.0.2

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.

  • CVE-2025-4278Jun 12, 2025
    affected >= 18.0.0, < 18.0.2fixed 18.0.2

    An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

  • CVE-2025-5996Jun 12, 2025
    affected >= 2.10.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

  • CVE-2025-1763May 30, 2025
    affected >= 16.6.0, < 17.11.1fixed 17.11.1

    An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

  • CVE-2024-7803May 23, 2025
    affected >= 11.6.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

  • CVE-2024-9163May 23, 2025
    affected >= 12.1.0, < 17.11.3fixed 17.11.3

    A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

  • CVE-2024-12093May 22, 2025
    affected >= 11.1.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.

  • CVE-2025-0605May 22, 2025
    affected >= 16.8.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

  • CVE-2025-0679May 22, 2025
    affected >= 17.1.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

  • CVE-2025-0993May 22, 2025
    affected < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

  • CVE-2025-1110May 22, 2025
    affected >= 18.0.0, < 18.0.1fixed 18.0.1

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

  • CVE-2025-2853May 22, 2025
    affected < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.

  • CVE-2025-3111May 22, 2025
    affected >= 10.2.0, < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..

  • CVE-2025-4979May 22, 2025
    affected < 17.11.3fixed 17.11.3

    An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and obs

  • CVE-2024-8973May 9, 2025
    affected >= 17.1.0, < 17.11.2fixed 17.11.2

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.

  • CVE-2025-0549May 9, 2025
    affected >= 17.3.0, < 17.11.2fixed 17.11.2

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form sub

  • CVE-2025-1278May 9, 2025
    affected >= 12.0.0, < 17.11.2fixed 17.11.2

    An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

  • CVE-2024-12244Apr 24, 2025
    affected >= 17.7.0, < 17.11.1fixed 17.11.1

    An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.

  • CVE-2025-0639Apr 24, 2025
    affected >= 16.7.0, < 17.11.1fixed 17.11.1

    An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

  • CVE-2025-1908Apr 24, 2025
    affected >= 16.6.0, < 17.11.1fixed 17.11.1

    An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

Page 12 of 54