Vulnerabilities fixed in GitLab CE/EE

Published 11 Dec 2025 09:22:54. Reported by NCSC (family: ncsc). Source: advisories.ncsc.nl

GitLab fixed vulnerabilities including authenticated image upload, HTML injection, GraphQL access, WebAuthn bypass, and Swagger UI script injection.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, related to authentication bypass using an alternative path or channel, allows attackers to circumvent security restrictions. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in the GraphQL API of GitLab, a Git-based platform for collaborative code development, allows attackers to circumvent security restrictions and cause a service failure. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in ExifTool, the multimedia file metadata processing library used by GitLab, a Git-based platform for collaborative code development, allows an attacker to cause a service failure. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in the Commits API of GitLab, a Git-based platform for collaborative code development, allows an attacker to cause a service failure. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, caused by improper encoding or escaping of output data, allows attackers to disclose sensitive information that should be protected. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, caused by deficiencies in its error-reporting mechanism, allows attackers to disclose sensitive information. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, related to authentication bypass using a user-controlled key, allows attackers to disclose sensitive information that should be protected. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in the Swagger UI component of GitLab, a Git-based platform for collaborative code development, allows attackers to execute arbitrary code. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, caused by insufficient protection of the web page structure, allows attackers to execute arbitrary code. | 15 Dec 2025 00:00 | bdu_fstec |
| BDU FSTEC | A vulnerability in GitLab, a Git-based platform for collaborative code development, caused by improper encoding or filtering of output data, allows a malicious actor to execute arbitrary code. | 15 Dec 2025 00:00 | bdu_fstec |
Scores (current as of 11 Dec 2025 09:22)

- Vulners AI Score: 6.8 (Medium risk)
- CVSS 4: 7.1
- CVSS 3.1: 8.7
- EPSS: 0.0076
- SSVC