Developer Tools

In Rancher Manager versions 2.12.0 through 2.12.0, 2.11.0 through 2.11.4, 2.10.0 through 2.10.8, and 2.9.0 through 2.9.11 a high severity vulnerability CVE-2024-58259 was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending excessively large payloads to unauthenticated and authenticated API endpoints. To address this issue, users should upgrade Rancher Manager to versions 2.12.1, 2.11.5, 2.10.9 or 2.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-58259.

In Kubernetes versions 1.31.11 and prior, 1.32.7 and prior and 1.33.3 and prior a medium severity vulnerability CVE-2025-5187 was detected. This vulnerability allows an attacker to delete their corresponding node object and then recreate it with modified taints or labels. To address this issue, users should upgrade kube-apiserver binary to versions 1.31.12, 1.32.8, 1.33.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5187.

In GitLab CE/EE versions before 18.1.5, 18.2 before 18.2.5 and 18.3 before 18.3.1 a medium severity vulnerability CVE-2025-5101 was detected. This vulnerability allows an authenticated attacker to distribute malicious code that appears harmless in the web interface. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5101.

In GitLab CE/EE versions 14.1 through 18.1.5, 18.2 through 18.2.5 and 18.3 through 18.3.1 a medium severity vulnerability CVE-2025-4225 was detected. This vulnerability allows an unauthenticated attacker to cause a denial-of-service condition by sending specially crafted GraphQL requests. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4225.

In GitLab CE/EE versions 8.15 through 18.1.5, 18.2 through 18.2.5 and 18.3 through 18.3.1 a medium severity vulnerability CVE-2025-3601 was detected. This vulnerability allows an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3601.

In GitLab CE/EE versions before 18.1.5, 18.2 before 18.2.5 and 18.3 before 18.3.1 a medium severity vulnerability CVE-2025-2246 was detected. This vulnerability allows unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2246.

In GitLab CE/EE versions 17.7 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2024-12303 was detected. This vulnerability allows authenticated users with specific roles and permissions to delete issues, including confidential ones, by inviting users with a specific role. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4, 18.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12303.

In GitLab CE/EE versions 15.6 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2024-10219 was detected. This vulnerability allows authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4, 18.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10219.

In @backstage/plugin-scaffolder-backend versions prior to 2.1.1 a medium severity vulnerability CVE-2025-55285 was detected. Duplicate logging of input values in the fetch:template action could expose template secrets (e.g., ${{ secrets.x }}) in logs, leading to unintended disclosure, though there is no impact if such secrets are not passed through to fetch:template. To address this issue, users should upgrade scaffolder-backend plugin to versions 2.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55285.