Developer Tools

In Jenkins versions 2.503 and prior, LTS 2.492.2 and prior a medium severity vulnerability CVE-2025-31721 was detected. This vulnerability allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent and gain access to encrypted secrets in its configuration. To address this issue, users should upgrade Jenkins to versions 2.504 or later, or LTS versions 2.492.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31721.

In Jenkins versions 2.503 and earlier, LTS 2.492.2 and earlier a medium severity vulnerability CVE-2025-31720 was detected. This vulnerability allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. To address this issue, users should upgrade Jenkins to versions 2.504 or later, or LTS versions 2.492.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31720.

In Rancher versions up to 2.8.13, 2.9.7 and 2.10.3 a high severity vulnerability CVE-2025-23391 was detected. This vulnerability allows Restricted Administrators to change the passwords of Administrators without the necessary permissions, potentially leading to unauthorized access and account takeover. To address this issue, users should upgrade Rancher to versions 2.8.14, 2.9.8, 2.10.4 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21391.

In GitLab CE/EE versions 16.0 before 17.8.6, 17.9 before 17.9.3 and 17.10 before 17.10.1 a medium severity vulnerability CVE-2024-12619 was detected. This vulnerability allows internal users to gain unauthorized access to internal projects. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.1, 17.9.3, 17.8.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12619.

In GitLab Duo with Amazon Q versions 17.8 before 17.8.6, 17.9 before 17.9.3 and 17.10 before 17.10.1 a medium severity vulnerability CVE-2025-2867 was detected. This vulnerability allows attackers to manipulate AI-assisted development features, potentially exposing sensitive project data to unauthorized users. To address this issue, users should upgrade GitLab Duo to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2867.

In GitLab versions 13.5.0 to 17.8.6, 17.9 to 17.9.3 and 17.10 to 17.10.1 a high severity vulnerability CVE-2025-2255 was detected. This vulnerability allows attackers to execute Cross-Site Scripting (XSS) attacks through certain error messages. To address this issue, users should upgrade GitLab to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2255.

In GitLab versions 14.9 to 17.8.6, 17.9 to 17.9.3, and 17.10 to 17.10.1 a low severity input validation vulnerability CVE-2024-9773 was detected. This vulnerability could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. To address this issue, users should upgrade GitLab to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9773.

In GitLab CE/EE versions 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1 a high severity vulnerability CVE-2025-0811 was detected. This vulnerability allows attackers to execute cross-site scripting attacks due to improper rendering of certain file types. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0811.

In GitLab versions 17.4 to 17.8.6, 17.9 to 17.9.3 and 17.10 to 17.10.1 a high severity vulnerability CVE-2025-2242 was detected. This vulnerability allows a user who was previously an instance admin but has since been downgraded to a regular user to maintain elevated privileges over groups and projects. To address this issue, users should upgrade GitLab to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2242.