In Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier, a medium-severity vulnerability, CVE-2025-59474, was detected. This vulnerability allows attackers without Overall/Read permission to list agent names through the sidepanel executors widget. To fix this problem, users should upgrade Jenkins to version 2.528 and Jenkins LTS to version 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59474.
In GitLab CE/EE versions 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2, a high-severity vulnerability, CVE-2025-2256, was detected. This vulnerability allows unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. To fix this problem, users should upgrade to GitLab 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2256.
In GitLab CE/EE versions 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2, a medium-severity vulnerability, CVE-2025-1250, was detected. This vulnerability allows authenticated users to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. To fix this problem, users should upgrade to GitLab 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1250.
In GitLab CE/EE versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2, a medium-severity vulnerability, CVE-2025-6769, was detected. This vulnerability allows authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6769.
In GitLab CE/EE versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2, a medium-severity vulnerability, CVE-2025-6454, was detected. This vulnerability allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6454.
In GitLab Community Edition and Enterprise Edition, all versions prior to 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1, a medium-severity vulnerability, CVE-2025-5101, was detected. This vulnerability allows an authenticated attacker, under certain conditions, to distribute malicious code that appears harmless in the web interface by exploiting ambiguity between branches and tags during repository imports. To address this issue, users should upgrade GitLab to versions 18.1.5, 18.2.5, 18.3.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5101.
In SonarQube Server and Cloud versions 4 through 5.3.0, a high-severity vulnerability, CVE-2025-58178, was detected. This vulnerability allows untrusted input arguments in the SonarQube Scan GitHub Action to be processed without proper sanitization, leading to command injection. To address this issue, users should upgrade SonarQube to version 5.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-58178.
In Argo CD versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, a critical-severity vulnerability, CVE-2025-55190, was detected. This vulnerability allows an attacker to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint. To address this issue, users should upgrade Argo CD to versions 2.13.9, 2.14.16, 3.0.14 or 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55190.
In Rancher versions 0.11.0 before 0.11.10, 0.12.0 before 0.12.6, and 0.13.0 before 0.13.1, a high-severity vulnerability, CVE-2024-52284, was detected. This vulnerability allows attackers with GET or LIST permissions to see Helm values that contain passwords or other secrets. To fix this issue, users should upgrade Rancher to versions 0.11.10, 0.12., or 0.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52284.