Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,054)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-1752	Med	4.3	>= 11.3.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authoriz
CVE-2026-1516	Med	5.7	>= 18.0.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted
CVE-2026-1101	Med	6.5	>= 18.2.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL que
CVE-2026-1092	Hig	7.5	>= 12.10.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.
CVE-2025-9484	Med	4.3	>= 16.6.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL qu
CVE-2025-12664	Hig	7.5	>= 13.0.0, < 18.8.9	18.8.9	Apr 8, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.
CVE-2026-2370		—	>= 14.3.0, < 18.8.7	18.8.7	Mar 29, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation
CVE-2025-13078		—	>= 16.10.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain we
CVE-2025-13436		—	>= 13.7.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-re
CVE-2025-14595		—	>= 18.6.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in g
CVE-2026-1724		—	>= 18.5.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
CVE-2026-2745		—	>= 7.11.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts d
CVE-2026-2726		—	>= 11.10.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access co
CVE-2026-2973		—	>= 17.7.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-enc
CVE-2026-2995		—	>= 15.4.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
CVE-2026-3857		—	>= 17.10.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient
CVE-2026-3988		—	>= 18.5.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper inpu
CVE-2026-4363		—	>= 18.1.0, < 18.8.7	18.8.7	Mar 25, 2026	GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of auth
CVE-2026-1182		—	>= 8.14.0, < 18.7.6	18.7.6	Mar 12, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain
CVE-2026-3848	Med	5.0	>= 8.11.0, < 18.7.6	18.7.6	Mar 11, 2026	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to

CVE-2026-1752MedApr 8, 2026
affected >= 11.3.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authoriz
CVE-2026-1516MedApr 8, 2026
affected >= 18.0.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted
CVE-2026-1101MedApr 8, 2026
affected >= 18.2.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL que
CVE-2026-1092HigApr 8, 2026
affected >= 12.10.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.
CVE-2025-9484MedApr 8, 2026
affected >= 16.6.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL qu
CVE-2025-12664HigApr 8, 2026
affected >= 13.0.0, < 18.8.9fixed 18.8.9
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.
CVE-2026-2370Mar 29, 2026
affected >= 14.3.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation
CVE-2025-13078Mar 25, 2026
affected >= 16.10.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain we
CVE-2025-13436Mar 25, 2026
affected >= 13.7.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-re
CVE-2025-14595Mar 25, 2026
affected >= 18.6.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in g
CVE-2026-1724Mar 25, 2026
affected >= 18.5.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
CVE-2026-2745Mar 25, 2026
affected >= 7.11.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts d
CVE-2026-2726Mar 25, 2026
affected >= 11.10.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access co
CVE-2026-2973Mar 25, 2026
affected >= 17.7.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-enc
CVE-2026-2995Mar 25, 2026
affected >= 15.4.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
CVE-2026-3857Mar 25, 2026
affected >= 17.10.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient
CVE-2026-3988Mar 25, 2026
affected >= 18.5.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper inpu
CVE-2026-4363Mar 25, 2026
affected >= 18.1.0, < 18.8.7fixed 18.8.7
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of auth
CVE-2026-1182Mar 12, 2026
affected >= 8.14.0, < 18.7.6fixed 18.7.6
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain
CVE-2026-3848MedMar 11, 2026
affected >= 8.11.0, < 18.7.6fixed 18.7.6
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to

Page 3 of 53