DevOps

In GitLab CE/EE versions from 17.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0679 was detected. This issue allows unauthorized users to view full email addresses that should be partially obscured under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0679.

In GitLab CE/EE versions from 16.8 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0605 was detected. This issue allows certain users to bypass two-factor authentication requirements due to improper group access controls. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0605.

In GitLab CE/EE versions from 11.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-12093 was detected. This issue allows a modified SAML response to bypass two-factor authentication requirements under specific conditions due to improper XPath validation. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12093.

In GitLab CE/EE versions from 12.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a low severity vulnerability CVE-2024-9163 was detected. A business logic flaw allows an attacker to cause branch name confusion in confidential merge requests. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9163.

In GitLab CE/EE versions from 11.6 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-7803 was detected. This issue allows a Discord webhook integration to potentially cause a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7803.

In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-4979 was detected. This vulnerability allows attackers to reveal masked or hidden CI variables in the WebUI (variables they did not create) by adding their own variable and inspecting the HTTP response. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4979.

In GitLab CE/EE versions from 10.2 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-3111 was detected. This vulnerability is due to insufficient input validation in the Kubernetes integration, allowing an authenticated user to cause a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3111.

In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-2853 was detected. This vulnerability stems from insufficient validation, allowing an authenticated user to cause a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2853.

In GitLab CE/EE versions from 18.0 before 18.0.1 a low severity vulnerability CVE-2025-1110 was detected. This vulnerability allows a user with limited permissions to access job data through a crafted GraphQL query under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1110.