FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.8.0 <= gitlab-ce < 17.8.2
17.7.0 <= gitlab-ce < 17.7.4
8.3.0 <= gitlab-ce < 17.6.5
17.8.0 <= gitlab-ee < 17.8.2
17.7.0 <= gitlab-ee < 17.7.4
8.3.0 <= gitlab-ee < 17.6.5

Details

VuXML ID: 1a8c5720-e9cf-11ef-9e96-2cf05da270f3
Discovery: 2025-02-12
Entry: 2025-02-13

Gitlab reports:

A CSP-bypass XSS in merge-request page

Denial of Service due to Unbounded Symbol Creation

Exfiltrate content from private issues using Prompt Injection

A custom permission may allow overriding Repository settings

Internal HTTP header leak via route confusion in workhorse

SSRF via workspaces

Unauthorized Incident Closure and Deletion by Planner Role in GitLab

ActionCable does not invalidate tokens after revocation

References

CVE Name: CVE-2024-12379
CVE Name: CVE-2024-3303
CVE Name: CVE-2024-9870
CVE Name: CVE-2025-0376
CVE Name: CVE-2025-0516
CVE Name: CVE-2025-1042
CVE Name: CVE-2025-1198
CVE Name: CVE-2025-1212
URL: https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/