FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
18.0.0 <= gitlab-ce < 18.0.1
17.11.0 <= gitlab-ce < 17.11.3
10.2.0 <= gitlab-ce < 17.10.7
18.0.0 <= gitlab-ee < 18.0.1
17.11.0 <= gitlab-ee < 17.11.3
10.2.0 <= gitlab-ee < 17.10.7

Details

VuXML ID a1a1b0c2-3791-11f0-8600-2cf05da270f3
Discovery 2025-05-21
Entry 2025-05-23

GitLab reports:

Unprotected large blob endpoint in GitLab allows Denial of Service

Improper XPath validation allows modified SAML response to bypass 2FA requirement

A Discord webhook integration may cause DoS

Unbounded Kubernetes cluster tokens may lead to DoS

Unvalidated notes position may lead to Denial of Service

Hidden/masked variables may get exposed in the UI

Two-factor authentication requirement bypass

View full email addresses that should be partially obscured

Branch name confusion in confidential MRs

Unauthorized access to job data via a GraphQL query

References

CVE Name CVE-2024-12093
CVE Name CVE-2024-7803
CVE Name CVE-2024-9163
CVE Name CVE-2025-0605
CVE Name CVE-2025-0679
CVE Name CVE-2025-0993
CVE Name CVE-2025-1110
CVE Name CVE-2025-2853
CVE Name CVE-2025-3111
CVE Name CVE-2025-4979
URL https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/