In GitLab Community and Enterprise Editions versions from 11.7.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a medium severity vulnerability CVE-2025-11974 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by uploading excessively large files to specific API endpoints without proper resource throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11974.
In GitLab Enterprise Edition versions from 10.6.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a medium severity vulnerability CVE-2025-11971 was detected. This vulnerability allows an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits due to improper authorization validation. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11971.
In GitLab Community and Enterprise Edition versions from 11.0.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-11447 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending crafted GraphQL requests that consume excessive resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11447.
In GitLab Community and Enterprise Edition versions from 17.10.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-10497 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads that consume excessive system resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10497.
In Sonatype Nexus Repository 2.x versions up to and including 2.15.2 a high severity vulnerability CVE-2025-9868 was detected. This vulnerability in the Remote Browser Plugin allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests. To address this issue, users should upgrade to Nexus Repository 3.x. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9868.
In SonarQube versions prior to 25.6, 2025.3 Commercial, and 2025.1.3 LTA a medium severity vulnerability CVE-2025-62292 was detected. Authenticated low-privileged users can query the /api/v2/users-management/users endpoint and access user fields intended for administrators only, including the email addresses of other accounts. To address this issue, users should upgrade SonarQube to versions 25.6, 2025.3 Commercial, 2025.1.3 LTA or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62292.
In GitLab EE versions 18.3 prior to 18.3.4 and 18.4 prior to 18.4.2 a high severity vulnerability CVE-2025-11340 was detected. This vulnerability allows authenticated users holding read-only API tokens to perform unauthorized write operations on vulnerability records through incorrectly scoped GraphQL mutations. To address this issue, users should upgrade GitLab to versions 18.4.2 or 18.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11340.
In GitLab CE/EE versions 5.2 prior to 18.2.8, 18.3 prior to 18.3.4 and 18.4 prior to 18.4.2 a medium severity vulnerability CVE-2025-2934 was detected. This vulnerability allows authenticated attackers to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses. To address this issue, users should upgrade GitLab to versions 18.4.2, 18.3.4 or 18.2.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2934.
In Rancher Manager versions 2.9.0 through 2.9.11, 2.10.0 through 2.10.9, 2.11.0 through 2.11.5, and 2.12.0 through 2.12.1 a high severity vulnerability CVE-2024-58267 was detected. The SAML authentication mechanism used by the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be exploited to steal Rancher authentication tokens, allowing attackers to potentially gain unauthorized access. To address this issue, users should upgrade Rancher Manager to versions 2.9.12, 2.10.10, 2.11.6, 2.12.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-58267.
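The six GitLab advisories on this page (CVE-2025-11974, CVE-2025-11971, CVE-2025-11447, CVE-2025-10497, CVE-2025-11340 and CVE-2025-2934) span several overlapping version ranges with different fix releases, so it is easy to misjudge which ones apply to a given instance. The following Python is an added example, not code from GitLab or from the advisories; it transcribes the ranges stated above into half-open intervals (an "up to and including 18.3.4" range becomes "fixed in 18.3.5"), reports which listed CVEs apply to a version string such as the one returned by GitLab's /api/v4/version endpoint, and derives the lowest release that clears all of them. The `enterprise` flag, the `Advisory` type and the helper names are this example's own.

```python
"""Check a GitLab version against the advisory ranges listed on this page.

Added example; the range table is transcribed from the advisory text above
and is not an official feed. Verify against the NVD links before acting.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn 'X.Y.Z' (or 'X.Y', padded with .0) into a comparable tuple.

    Suffixes such as '-ee' or '-pre' that GitLab appends are ignored; a
    leading 'v' is tolerated.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


@dataclass(frozen=True)
class Advisory:
    cve: str
    severity: str
    # (first affected, first fixed) pairs: affected when first <= v < fixed.
    ranges: tuple[tuple[str, str], ...]
    edition: str = "CE/EE"  # "EE" marks advisories that apply only to Enterprise Edition


# Transcribed from the advisory text on this page (assumption: "18.3 prior
# to 18.3.4" means every 18.3.x release below 18.3.4).
GITLAB_ADVISORIES: tuple[Advisory, ...] = (
    Advisory("CVE-2025-11974", "medium",
             (("11.7.0", "18.3.5"), ("18.4.0", "18.4.3"), ("18.5.0", "18.5.1"))),
    Advisory("CVE-2025-11971", "medium",
             (("10.6.0", "18.3.5"), ("18.4.0", "18.4.3"), ("18.5.0", "18.5.1")),
             edition="EE"),
    Advisory("CVE-2025-11447", "high",
             (("11.0.0", "18.3.5"), ("18.4.0", "18.4.3"), ("18.5.0", "18.5.1"))),
    Advisory("CVE-2025-10497", "high",
             (("17.10.0", "18.3.5"), ("18.4.0", "18.4.3"), ("18.5.0", "18.5.1"))),
    Advisory("CVE-2025-11340", "high",
             (("18.3.0", "18.3.4"), ("18.4.0", "18.4.2")), edition="EE"),
    Advisory("CVE-2025-2934", "medium",
             (("5.2.0", "18.2.8"), ("18.3.0", "18.3.4"), ("18.4.0", "18.4.2"))),
)


def _matching_bounds(v: Version, enterprise: bool) -> list[tuple[Advisory, Version]]:
    """Every (advisory, first-fixed-version) pair whose range contains v."""
    hits = []
    for adv in GITLAB_ADVISORIES:
        if adv.edition == "EE" and not enterprise:
            continue  # EE-only advisory does not apply to a CE instance
        for lo, hi in adv.ranges:
            if parse_version(lo) <= v < parse_version(hi):
                hits.append((adv, parse_version(hi)))
                break  # one range per advisory is enough to flag it
    return hits


def affected_cves(version_text: str, enterprise: bool = True) -> list[str]:
    """CVE ids from the table above that apply to the given version, in page order."""
    v = parse_version(version_text)
    return [adv.cve for adv, _ in _matching_bounds(v, enterprise)]


def upgrade_target(version_text: str, enterprise: bool = True) -> str | None:
    """Lowest release that clears every matching advisory, or None if unaffected.

    Takes the highest first-fixed bound among the matching ranges, then
    re-checks that candidate in case it lands inside another range.
    """
    start = parse_version(version_text)
    v = start
    while True:
        hits = _matching_bounds(v, enterprise)
        if not hits:
            break
        v = max(bound for _, bound in hits)
    return None if v == start else "%d.%d.%d" % v


if __name__ == "__main__":
    for sample in ("18.3.2-ee", "18.4.2", "18.5.1", "18.2.7"):
        print(sample, affected_cves(sample), "->", upgrade_target(sample))
```

Run it against the version your instance reports; an empty list with `None` as the target means none of the six listed advisories applies, while a non-empty list names the CVEs and the target gives the smallest upgrade that closes all of them (18.3.5 for an 18.3.x instance, 18.4.3 for 18.4.x). Note that an 18.2.x instance is affected by the four advisories with no 18.2 backport, so its target is 18.3.5 rather than 18.2.8.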