6 matches found
GitLab 15.10 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11224)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stor...
GitLab 16.9 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-12983)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a...
UBUNTU-CVE-2025-6171
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
CVE-2025-2615
GitLab CE/EE is affected by CVE-2025-2615. The issue allows a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections in affected releases: GitLab 16.7 up to but not including 18.3.6; 18.4 up to 18.4.3; and 18.5 up to 18.5.1. Remediation patch...
CVE-2025-11865
GitLab EE contains an Incorrect Authorization issue (CVE-2025-11865) that could allow an attacker to remove Duo MFA flows belonging to another user. Affected versions are GitLab EE 18.1–18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. The root cause is described as improper authorization check...
CVE-2019-8948
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163...