‘Dangerous’ vulnerability in GitLab Ultimate Enterprise Edition

CVE-2025-2254, a cross-site scripting issue, which, under certain conditions, could allow an attacker to act like a legitimate user by injecting a malicious script into the snippet viewer. All GitLab CE/EE versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2 are impacted;

CVE-2025-0673, a vulnerability that can cause a denial of service by triggering an infinite redirect loop, which would cause memory exhaustion on the GitLab server. Impacted versions of GitLab CE/EE are 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.

Three other denial of service vulnerabilities are listed, although they carry lower risk ratings. CVE-2025-1516, if unpatched, allows a successful attacker to deny access to legitimate users of the targeted system by generating tokens with sufficiently large names; CVE-2025-1478 allows an attacker to deny access to legitimate users of the targeted system by crafting Board Names with sufficiently large sizes; and CVE-2025-5996 allows a denial of service by integrating a malicious third-party component into a GitLab project.

Another patched vulnerability, CVE-2024-9515, could have allowed a successful attacker to clone a legitimate user’s private repository by sending a timed clone request when a secondary node is out of sync. This hole has a CVSS score of 5.3.

Robert Beggs, CEO of Canadian incident response firm Digital Defence, said that CSOs have to remember that GitLab isn’t a passive folder where a user deposits and later retrieves data or source code. It’s a complex application that supports the entire DevOps lifecycle, from planning through to deployment and monitoring. To support this role, GitLab provides a large number of complex functions. This feature set increases the attack surface. In combination with the complexity of the application, any misconfigurations or vulnerabilities could have a significant impact for users.

“As with all applications, CSOs have to pay attention to vendor reports of vulnerabilities and any patches or upgrades to the application,” he said in an email. “They also have to be mindful of their own security hygiene and follow best practices for GitLab use.”

These include limiting access and access privileges to GitHub repositories, for example, ensuring that default visibility is set to Private, enabling multi-factor authentication for access and ensuring that passwords follow typical complexity rules, implementing role-based access controls and frequently reviewing access lists, implementing SSL and TLS certificates to secure communications, securing GitLab runners and pipeline variables, protecting the codebase by implementing branch protection rules and code signing, and more.

More GitLab news:
Prompt injection flaws in GitLab Duo highlight risks in AI assistants
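As an added example (not part of the csoonline article or of GitLab's own tooling), the following Python script turns the hygiene checklist quoted above (private default visibility, MFA on accounts, protected default branches, masked and protected pipeline variables) into an audit over project and user records. The record layouts are modelled on what the GitLab REST API returns for projects, users, protected branches and CI variables, but the field names are an assumption here and the sample data is constructed inline so the script runs offline.

```python
"""Audit GitLab project and user records against a hardening checklist.

Added example, not from the article. The dictionaries below are shaped like
GitLab v4 API responses (/projects, /users, /projects/:id/protected_branches,
/projects/:id/variables); the field names are assumed and the data is
constructed for this demo. A real run would populate them from the API.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    subject: str   # project path or username
    rule: str      # which checklist item failed
    detail: str    # human-readable explanation


# Constructed sample records (not real projects or people).
SAMPLE_PROJECTS = [
    {"id": 1, "path_with_namespace": "acme/billing", "visibility": "public",
     "default_branch": "main",
     "protected_branches": [],
     "variables": [{"key": "DEPLOY_TOKEN", "protected": False, "masked": False}]},
    {"id": 2, "path_with_namespace": "acme/infra", "visibility": "private",
     "default_branch": "main",
     "protected_branches": [{"name": "main"}],
     "variables": [{"key": "AWS_SECRET", "protected": True, "masked": True}]},
]
SAMPLE_USERS = [
    {"username": "alice", "two_factor_enabled": True, "is_admin": False},
    {"username": "bob", "two_factor_enabled": False, "is_admin": True},
]


def audit_project(project):
    """Check visibility, default-branch protection and CI variable hygiene."""
    findings = []
    name = project["path_with_namespace"]
    visibility = project.get("visibility", "unknown")
    if visibility != "private":
        findings.append(Finding(name, "visibility",
                                f"visibility is {visibility}, expected private"))
    protected = {b["name"] for b in project.get("protected_branches", [])}
    default_branch = project.get("default_branch")
    if default_branch not in protected:
        findings.append(Finding(name, "branch-protection",
                                f"default branch {default_branch!r} is not protected"))
    for var in project.get("variables", []):
        # A pipeline variable holding a secret should be both masked (not
        # echoed in job logs) and protected (only exposed on protected refs).
        if not (var.get("masked") and var.get("protected")):
            findings.append(Finding(name, "ci-variable",
                                    f"variable {var['key']} is not both masked and protected"))
    return findings


def audit_user(user):
    """Flag accounts without two-factor authentication; admins are called out."""
    if user.get("two_factor_enabled"):
        return []
    kind = "admin" if user.get("is_admin") else "user"
    return [Finding(user["username"], "mfa",
                    f"{kind} account without two-factor authentication")]


def run_audit(projects, users):
    """Return every finding across the supplied records."""
    findings = []
    for project in projects:
        findings.extend(audit_project(project))
    for user in users:
        findings.extend(audit_user(user))
    return findings


if __name__ == "__main__":
    for f in run_audit(SAMPLE_PROJECTS, SAMPLE_USERS):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

Against the constructed sample the script reports the public project, its unprotected default branch, its unmasked deployment token, and the admin account without MFA, while the correctly configured project produces no findings. The check functions are deliberately separate from data collection so the same rules can be run against records pulled from a live instance.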

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4006160/unpatched-holes-could-allow-takeover-of-gitlab-accounts.html
