FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
18.4.0 <= gitlab-ce < 18.4.1
18.3.0 <= gitlab-ce < 18.3.3
11.10.0 <= gitlab-ce < 18.2.7
18.4.0 <= gitlab-ee < 18.4.1
18.3.0 <= gitlab-ee < 18.3.3
11.10.0 <= gitlab-ee < 18.2.7

Details

VuXML ID 477fdc04-9aa2-11f0-961b-2cf05da270f3
Discovery 2025-09-25
Entry 2025-09-26

GitLab reports:

Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE

Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE

Information disclosure issue in virtual registry configuration for low privileged users impacts GitLab CE/EE

Privilege Escalation issue from within the Developer role impacts GitLab EE

Denial of Service issue in GraphQL API via Unbounded Array Parameters impacts GitLab CE/EE

Improper Authorization issue for Project Maintainers when assigning roles impacts GitLab EE

Denial of Service issue in GraphQL API blobSearch impacts GitLab CE/EE

Incorrect ownership assignment via Move Issue drop-down impacts GitLab CE/EE

Denial of Service issue via string conversion methods impacts GitLab CE/EE

References

CVE Name CVE-2025-10858
CVE Name CVE-2025-10867
CVE Name CVE-2025-10868
CVE Name CVE-2025-10871
CVE Name CVE-2025-5069
CVE Name CVE-2025-7691
CVE Name CVE-2025-8014
CVE Name CVE-2025-9958
URL https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/