Developer Tools

In GitLab CE/EE versions from 8.3 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-10569 was detected. This vulnerability allows an authenticated user to trigger a denial of service condition by supplying crafted responses to external API calls, exploiting missing limits or throttling on resource allocation. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10569.

In GitLab EE versions 18.4 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a high severity vulnerability CVE-2025-13772 was detected. This vulnerability allows an authenticated attacker to access and use AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests due to missing authorization checks. To address this issue, users should upgrade GitLab EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13772.

In OpenShift versions 4 and JBoss Fuse version 7 a high severity vulnerability CVE-2024-45497 was detected. This vulnerability allows attackers to overwrite a configuration file containing sensitive credentials. By modifying this file, attackers can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45497.

In GitLab versions before 17.6.0 a low severity vulnerability CVE-2023-5117 was detected. This vulnerability allows attackers to access files uploaded to comments on confidential issues and epics of public projects without authentication via a direct link to the uploaded file URL. To address this issue, users should upgrade to version 17.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-5117.

In Gogs versions prior to 0.13.1 a high severity vulnerability CVE-2024-55947 was detected. This vulnerability allows attackers to create files in any location on the server, which can lead to unauthorized SSH access. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55947.

In Gogs versions prior to 0.13.1 a critical severity vulnerability CVE-2024-54148 was detected. This vulnerability allows attackers to commit and edit a crafted symlink file in a repository to gain unauthorized SSH access to the server. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54148.

In GitLab CE/EE versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a high severity vulnerability CVE-2024-8233 was detected. This vulnerability allows attackers to cause a denial of service by sending requests for diff files on a commit or merge request. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8233.

In GitLab CE/EE versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a medium severity vulnerability CVE-2024-8179 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks if Content Security Policy (CSP) is not enabled. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8179.

In the GitLab versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 a medium severity vulnerability CVE-2024-8647 was detected. This vulnerability allows attackers to steal the anti-CSRF token from self-hosted GitLab installations with Harbor integration enabled, potentially allowing them to perform unauthorized actions on behalf of users. To fix this issue, users should upgrade GitLab to versions 17.6.2, 17.5.4, 17.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8647.