In GitLab CE/EE versions before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-13054 was detected. This vulnerability allows an attacker to cause a system reboot under certain conditions, leading to a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13054.
Read more Developer ToolsIn GitLab EE/CE versions from 11.5 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-12380 was detected. This vulnerability allows certain user inputs in repository mirroring settings to potentially expose sensitive authentication information. To address this issue, users should upgrade GitLab EE/CE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12380.
Read more Developer ToolsIn GitLab EE versions from 17.2 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a low severity vulnerability CVE-2024-8402 was detected. This vulnerability allows a Maintainer to introduce malicious code due to an input validation issue in the Google Cloud IAM integration feature. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8402.
Read more Developer ToolsIn Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior a medium severity vulnerability CVE-2025-27625 was detected. This vulnerability allows attackers to perform phishing attacks by leveraging redirects that start with backslash (`\`) characters, causing users to be forwarded to unintended sites. To address this issue, users should upgrade Jenkins to versions 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27625.
Read more Developer ToolsIn Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior a medium severity vulnerability CVE-2025-27624 was detected. This vulnerability allows attackers to exploit cross-site request forgery (CSRF) to manipulate the collapsed/expanded status of sidepanel widgets, such as Build Queue and Build Executor Status widgets. To address this issue, users should upgrade Jenkins to versions 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27624.
Read more Developer ToolsIn Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior a medium severity vulnerability CVE-2025-27623 was detected. This vulnerability allows attackers with View/Read permission to access `config.xml` of views via REST API or CLI and retrieve encrypted values of secrets, as they are not properly redacted. To address this issue, users should upgrade Jenkins to versions 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27623.
Read more Developer ToolsIn Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior a medium severity vulnerability CVE-2025-27622 was detected. This vulnerability allows attackers with Agent/Extended Read permission to access `config.xml` of agents via REST API or CLI and retrieve encrypted values of secrets, as they are not properly redacted. To address this issue, users should upgrade Jenkins to versions 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27622.
Read more Developer ToolsIn GitLab CE/EE for Self-Managed and Dedicated instances versions 17.5 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 a low severity vulnerability CVE-2025-1540 was detected. This vulnerability allows an external user to read and clone internal projects under certain circumstances. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4 or 17.6.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1540.
Read more Developer ToolsIn Zitadel versions prior to 2.71.0 a critical severity vulnerability CVE-2025-27507 was detected. This vulnerability allows authenticated users, without specific IAM roles, to modify sensitive settings due to Insecure Direct Object Reference (IDOR) issues in the Admin API, with the most critical impact being the ability to manipulate LDAP configurations. However, customers who do not utilize LDAP for authentication are not at risk from the most severe aspects of this vulnerability. To address this issue, users should upgrade Zitadel to versions 2.71.0, 2.70.1, 2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5 or 2.63.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27507.
Read more Developer Tools