The operators of Gitlab have published patch releases for their version control platform. The updates are available for both the Community Edition (CE) and the Enterprise Edition (EE).
Versions 17.8.1, 17.7.3 and 17.6.4 fix three vulnerabilities, one of which is classified as "high" risk and two as "medium".
In its blog, Gitlab urgently advises installing the patch releases as soon as possible. Anyone using the service on Gitlab.com is already running the updated versions, since the provider maintains the cloud servers itself.
Vulnerable to cross-site scripting and denial of service
The vulnerability classified as high risk, with a CVSS severity of 8.7 out of 10, carries the CVE entry (Common Vulnerabilities and Exposures) CVE-2025-0314, which so far is only marked as reserved. It enables stored XSS (cross-site scripting) through the rendering of Asciidoctor content. Stored XSS means that the malicious code is saved on the server and is therefore triggered not only by direct input but also in other requests. Gitlab already had a stored XSS vulnerability in June 2024.
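To make the "stored" part of stored XSS concrete, here is an added example (not Gitlab code and not the Asciidoctor renderer): a minimal in-memory comment store, the vulnerable rendering pattern that interpolates saved text into HTML verbatim, and the hardened pattern that escapes at output time. The store, page keys and sample comment are all constructed for the illustration.

```python
import html
from typing import Dict, List

# Constructed in-memory stand-in for the server-side store that makes an XSS
# "stored": the text is saved once and rendered into every later page view.
# (Added example, not Gitlab's implementation.)
_store: Dict[str, List[str]] = {}


def save_comment(page: str, body: str) -> None:
    """Persist a user-submitted comment for a page (no validation at input time)."""
    _store.setdefault(page, []).append(body)


def render_unsafe(page: str) -> str:
    """Vulnerable pattern: stored text is placed into the HTML unchanged,
    so markup submitted once executes for every viewer of the page."""
    items = "".join(f"<li>{body}</li>" for body in _store.get(page, []))
    return f"<ul>{items}</ul>"


def render_escaped(page: str) -> str:
    """Hardened pattern: every stored string is HTML-escaped when it is rendered,
    so it is shown as text rather than interpreted as markup."""
    items = "".join(
        f"<li>{html.escape(body, quote=True)}</li>" for body in _store.get(page, [])
    )
    return f"<ul>{items}</ul>"


def contains_active_markup(rendered: str) -> bool:
    """Crude output check used in tests: does the rendered page still contain
    an unescaped <script> tag? A real deployment would rely on escaping plus a
    Content Security Policy rather than on a string search."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    save_comment("issue-1", "Looks good to me")
    save_comment("issue-1", "<script>alert('stored')</script>")  # constructed sample
    print(render_unsafe("issue-1"))   # script tag survives: vulnerable
    print(render_escaped("issue-1"))  # &lt;script&gt;...: rendered as text
```

The point of the two render functions is that the defect is at output time: the same stored string is harmless or harmful depending only on whether the renderer escapes it, which is why a template engine's auto-escaping (or an allowlist sanitizer for rich content such as Asciidoctor output) is the control that matters.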
The CVE entry CVE-2024-1931, which is also not yet publicly available, receives a CVSS severity of 6.4 and thus counts as medium risk. The associated flaw makes it possible to read protected variables of the CI/CD process (continuous integration/continuous delivery) via CI Lint. CI Lint serves as a linter that checks the validity of the YAML files for the CI/CD configuration.
Finally, the CVE entry CVE-2024-6324, with a CVSS severity of 4.3 and likewise classified as medium risk, describes a vulnerability that enables a denial-of-service attack (DoS) through cyclical references between epics.
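The DoS class described for the last entry, an unbounded walk over a cyclic parent/child relationship, is easiest to see with a small added example (not Gitlab code; the epic model, names and depth limit are constructed for the illustration). It shows the two defensive pieces a practitioner would want: a check that rejects a link that would close a loop, and an ancestor traversal that is bounded so it terminates even if a cycle has already slipped into the data.

```python
from typing import Dict, List, Optional, Set

# Constructed model: each epic has at most one parent, stored as child -> parent.
# (Added example, not Gitlab's implementation.)


class CycleError(ValueError):
    """Raised when a requested parent link would create a loop."""


def would_create_cycle(parents: Dict[str, str], child: str, new_parent: str) -> bool:
    """Return True if setting child's parent to new_parent would close a loop.
    Walks upward from new_parent; if it reaches child, the link is unsafe."""
    if child == new_parent:
        return True
    seen: Set[str] = set()
    node: Optional[str] = new_parent
    while node is not None:
        if node == child:
            return True
        if node in seen:  # a pre-existing loop above new_parent; also unsafe
            return True
        seen.add(node)
        node = parents.get(node)
    return False


def set_parent(parents: Dict[str, str], child: str, new_parent: str) -> None:
    """Link child under new_parent, refusing any link that would form a cycle."""
    if would_create_cycle(parents, child, new_parent):
        raise CycleError(f"linking {child!r} under {new_parent!r} would form a cycle")
    parents[child] = new_parent


def ancestors(parents: Dict[str, str], epic: str, max_depth: int = 100) -> List[str]:
    """Bounded ancestor walk. Stops on a repeated node or at max_depth, so a
    cyclic hierarchy cannot keep the request busy indefinitely."""
    chain: List[str] = []
    node = parents.get(epic)
    while node is not None and len(chain) < max_depth:
        if node in chain:
            break
        chain.append(node)
        node = parents.get(node)
    return chain


if __name__ == "__main__":
    tree: Dict[str, str] = {}
    set_parent(tree, "child", "parent")
    set_parent(tree, "grandchild", "child")
    print(ancestors(tree, "grandchild"))
    try:
        set_parent(tree, "parent", "grandchild")  # would close the loop
    except CycleError as exc:
        print("rejected:", exc)
```

Rejecting the link at write time is the primary control; the bounded walk is defence in depth for data that was written before the check existed or by a path that bypassed it.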
(rme)