FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
17.10.0 <= gitlab-ce < 17.10.1
17.9.0 <= gitlab-ce < 17.9.3
12.10.0 <= gitlab-ce < 17.8.6
17.10.0 <= gitlab-ee < 17.10.1
17.9.0 <= gitlab-ee < 17.9.3
12.10.0 <= gitlab-ee < 17.8.6

Details

VuXML ID 1daa2814-0a6c-11f0-b4e4-2cf05da270f3
Discovery 2025-03-26
Entry 2025-03-26

GitLab reports:

Cross-site Scripting (XSS) through merge-request error messages

Cross-site Scripting (XSS) through improper rendering of certain file types

Admin Privileges Persists After Role is Revoked

External user can access internal projects

Prompt injection in Amazon Q integration may allow unauthorized actions

Uncontrolled Resource Consumption via a maliciously crafted terraform file in merge request

Maintainer can inject shell code in Harbor project name configuration when using helper scripts

References

CVE Name CVE-2024-10307
CVE Name CVE-2024-12619
CVE Name CVE-2024-9773
CVE Name CVE-2025-0811
CVE Name CVE-2025-2242
CVE Name CVE-2025-2255
URL https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/