FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
17.11.0 <= gitlab-ce < 17.11.1
17.10.0 <= gitlab-ce < 17.10.5
16.6.0 <= gitlab-ce < 17.9.7
17.11.0 <= gitlab-ee < 17.11.1
17.10.0 <= gitlab-ee < 17.10.5
16.6.0 <= gitlab-ee < 17.9.7

Details

VuXML ID: 11b71871-20ba-11f0-9471-2cf05da270f3
Discovery: 2025-04-23
Entry: 2025-04-24

GitLab reports:

Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP directives

Cross Site Scripting (XSS) in Maven dependency proxy through cache headers

Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring

Denial of service (DOS) via issue preview

Unauthorized access to branch names when Repository assets are disabled in the project

References

CVE Name: CVE-2024-12244
CVE Name: CVE-2025-0639
CVE Name: CVE-2025-1763
CVE Name: CVE-2025-1908
CVE Name: CVE-2025-2443
URL: https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/