FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.9.0 <= gitlab-ce < 17.9.2
17.8.0 <= gitlab-ce < 17.8.5
11.5 <= gitlab-ce < 17.7.7
17.9.0 <= gitlab-ee < 17.9.2
17.8.0 <= gitlab-ee < 17.8.5
11.5 <= gitlab-ee < 17.7.7
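
To see whether an installed gitlab-ce or gitlab-ee package falls inside the ranges above, here is an added example that is not part of this VuXML entry or of FreeBSD's own tooling (the authoritative check on FreeBSD is `pkg audit -F`). It copies the three ranges exactly as listed, treats the lower bound as inclusive and the upper bound as exclusive as VuXML does, and strips a FreeBSD port revision suffix such as `_1` before comparing, since the ranges refer to the upstream version. Package names like `gitlab-ce-17.8.3` are assumed to follow `pkg info` output format.

```python
"""Range check for the gitlab-ce / gitlab-ee versions listed in this entry.

Added example, not part of the VuXML entry or of FreeBSD's tooling. It only
demonstrates the range logic; use `pkg audit -F` for the real check.
"""
from typing import List, Optional, Tuple

# Affected ranges exactly as listed in the entry: (lower inclusive, upper exclusive).
# The same three ranges apply to both gitlab-ce and gitlab-ee.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("17.9.0", "17.9.2"),
    ("17.8.0", "17.8.5"),
    ("11.5", "17.7.7"),
]

AFFECTED_PACKAGES = ("gitlab-ce", "gitlab-ee")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '17.9.1' (or '17.9.1_2' with a port revision) into (17, 9, 1).

    The port revision after '_' and any PORTEPOCH after ',' are dropped because
    the VuXML ranges are stated in terms of the upstream GitLab version.
    Shorter versions such as '11.5' are padded with zeros so that tuple
    comparison behaves like a numeric comparison of each component.
    """
    base = version.split("_", 1)[0].split(",", 1)[0]
    parts = [int(p) for p in base.split(".") if p != ""]
    if not parts or len(parts) > 3:
        raise ValueError(f"unexpected version string: {version!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed version for the branch `version` belongs to,
    or None if the version is not in any affected range."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if parse_version(lower) <= v < parse_version(upper):
            return upper
    return None


def is_affected(pkg: str, version: str) -> bool:
    """True if `pkg` is gitlab-ce or gitlab-ee and `version` is in an affected range."""
    if pkg not in AFFECTED_PACKAGES:
        return False
    return fixed_version_for(version) is not None


def check_installed(pkg_with_version: str) -> Tuple[str, str, bool, Optional[str]]:
    """Split a `pkg info`-style string such as 'gitlab-ce-17.8.3' (format assumed)
    into (name, version, affected, fixed_version)."""
    name, _, version = pkg_with_version.rpartition("-")
    if not name or not version:
        raise ValueError(f"expected name-version, got {pkg_with_version!r}")
    affected = is_affected(name, version)
    return (name, version, affected, fixed_version_for(version) if affected else None)


if __name__ == "__main__":
    # Constructed sample inputs, not real system output.
    for installed in ("gitlab-ce-17.9.1", "gitlab-ee-17.8.5", "gitlab-ce-16.11.3_1"):
        name, version, affected, fixed = check_installed(installed)
        status = f"AFFECTED, upgrade to {fixed}" if affected else "not affected"
        print(f"{name} {version}: {status}")
```

Note that the lower bound 11.5 is inclusive, so 11.5 itself is affected while 11.4.x is not, and each upper bound is the first fixed release in that branch, so 17.9.2, 17.8.5 and 17.7.7 all report as not affected.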

Details

VuXML ID a435609c-ffd5-11ef-b4e4-2cf05da270f3
Discovery 2025-03-12
Entry 2025-03-13

Gitlab reports:

CVE-2025-25291 and CVE-2025-25292 (third party gem ruby-saml)

CVE-2025-27407 (third party gem graphql)

Denial of Service Due to Inefficient Processing of Untrusted Input

Credentials disclosed when repository mirroring fails

Denial of Service Vulnerability in GitLab Approval Rules due to Unbounded Field

Internal Notes in Merge Requests Are Emailed to Non-Members Upon Review Submission

Maintainer can inject shell code in Google integrations

Guest with custom Admin group member permissions can approve the user's invitation despite user caps

References

CVE Name CVE-2024-12380
CVE Name CVE-2024-13054
CVE Name CVE-2024-7296
CVE Name CVE-2024-8402
CVE Name CVE-2025-0652
CVE Name CVE-2025-1257
CVE Name CVE-2025-25291
CVE Name CVE-2025-25292
CVE Name CVE-2025-27407
URL https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/