
470 matches found

Positive Technologies
added 2025/09/25 12:0 a.m. | 1 view

PT-2025-39624

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.4 through 18.2.6; GitLab CE/EE versions 18.3 through 18.3.2; GitLab CE/EE versions 18.4 through 18.4.0. Description: Certain string conversion methods within the software demonstrate performance degradation when processing...

CVSS 5.3 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 11
RedhatCVE
added 2025/09/14 6:15 a.m. | 4 views

CVE-2025-6454

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

CVSS 8.8 | AI score 6.4 | EPSS 0.0003
Exploits: 0 | References: 1
NCSC
added 2025/09/12 2:49 p.m. | 7 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

CVSS 8.8 | AI score 6.6 | EPSS 0.00103
Exploits: 0 | References: 1
NVD
added 2025/09/12 6:15 a.m. | 4 views

CVE-2025-6454

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

CVSS 8.8 | EPSS 0.0003
Exploits: 0 | References: 3
Vulnrichment
added 2025/09/12 6:5 a.m. | 1 view

CVE-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | AI score 6.2 | EPSS 0.00103
Exploits: 0 | References: 3
Tenable Nessus
added 2025/09/12 12:0 a.m. | 4 views

GitLab 7.12 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-2256)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The vulnerability exists due to insufficient validation of user-supplied input in SAML responses. A remote attacker can pass specially crafted input to the application and perform a denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.00051
Exploits: 0 | References: 5
Tenable Nessus
added 2025/09/12 12:0 a.m. | 4 views

GitLab 15.1 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-6769)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The vulnerability exists due to excessive data output by the application in runner endpoints. A remote user can gain unauthorized access to sensitive information on the system. CVE-2025-6769 Note that...

CVSS 4.3 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 5
Tenable Nessus
added 2025/09/12 12:0 a.m. | 3 views

GitLab 16.11 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-6454)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The vulnerability exists due to insufficient validation of user-supplied input in Webhook custom header. A remote user can send a specially crafted HTTP request and trick the application to initiate...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 5
Tenable Nessus
added 2025/09/01 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-7739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated use...

CVSS 8.7 | AI score 5.6 | EPSS 0.00093
Exploits: 0 | References: 2
OSV
added 2025/08/30 9:3 a.m. | 6 views

BIT-GITLAB-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-4376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11...

CVSS 4.3 | AI score 5 | EPSS 0.00776
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-5258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated...

CVSS 4.4 | AI score 5.5 | EPSS 0.00009
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-13292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. CVE-2020-13292 Note that Nessus reli...

CVSS 9.6 | AI score 8.2 | EPSS 0.00093
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...

CVSS 3.8 | AI score 5 | EPSS 0.00085
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Contr...

CVSS 5.5 | AI score 6.3 | EPSS 0.00024
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-1963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from...

CVSS 6.5 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-39914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a...

CVSS 5 | AI score 5 | EPSS 0.00176
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-0838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could...

CVSS 5.5 | AI score 5 | EPSS 0.02323
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all version...

CVSS 5.4 | AI score 6.7 | EPSS 0.01246
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-6051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16....

CVSS 6.5 | AI score 6.4 | EPSS 0.00194
Exploits: 0 | References: 2