Developer Tools

In GitLab CE/EE versions from 17.2 before 17.6.4, 17.7 before 17.7.3 and 17.8 before 17.8.1 a high severity vulnerability CVE-2025-0314 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) due to improper rendering of certain file types. To address this issue, users should upgrade GitLab CE/EE to versions 17.6.4, 17.7.3, or 17.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0314.

In GitLab CE/EE versions from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1 a medium severity vulnerability CVE-2024-11931 was detected. This vulnerability allows attackers with a developer role to exfiltrate protected CI variables under certain conditions via CI lint. To address this issue, users should upgrade GitLab CE/EE to versions 17.6.4, 17.7.3, 17.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11931.

In GitLab CE/EE versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1 a medium severity vulnerability CVE-2024-6324 was detected. This vulnerability allows an attacker to trigger a Denial of Service (DoS) by creating cyclic references between epics. To address this issue, users should upgrade GitLab CE/EE to versions 17.5.5, 17.6.3 or 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6324.

In GitLab CE/EE versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3 and starting from 17.7 prior to 17.7.1 a medium severity vulnerability CVE-2025-0194 was detected. This vulnerability allows attackers to access tokens that may have been logged when API requests were made in a specific manner. To address this issue, users should upgrade GitLab CE/EE to versions 17.5.5, 17.6.3, or 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0194.

In GitLab CE/EE versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1 a medium severity vulnerability CVE-2024-13041 was detected. This vulnerability allows attackers to bypass user access restrictions, potentially giving unauthorized users access to internal projects or groups in GitLab. To fix this issue, users should upgrade GitLab CE/EE to versions 17.5.5, 17.6.3, 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-13041.

In GitLab CE/EE versions starting from 15.5 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1 a medium severity vulnerability CVE-2024-12431 was detected. This vulnerability allows attackers to change the status of issues in public projects on GitLab, even if they are not authorized. To fix this issue, users should upgrade GitLab CE/EE to versions 15.5, 17.6.3, 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12431.

In GitLab EE versions 18.5 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-13781 was detected. This vulnerability allows an authenticated attacker to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. To address this issue, users should upgrade GitLab EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13781.

In GitLab CE/EE versions 18.6 before 18.6.3 and 18.7 before 18.7.1 a high severity vulnerability CVE-2025-13761 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary code in the context of an authenticated user’s browser by exploiting improper input neutralization and convincing a user to visit a specially crafted webpage. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13761.

In GitLab CE/EE versions 15.4 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-11246 was detected. This vulnerability allows an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations due to insufficient granularity of access control. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11246.