Security vulnerabilities: Gitlab developers advise rapid update

Gitlab is vulnerable to DoS attacks, among other things. Confidential information can also be leaked.


The GitLab software development platform is vulnerable. Security updates close several vulnerabilities.

According to a security advisory, successful attacks allow attackers to execute their own commands (CVE-2025-0376, "high"), trigger crashes (CVE-2025-12379, "medium") or access data that is supposed to be isolated (CVE-2024-3303, "medium").

It is not yet clear how such attacks could take place or whether attacks are already under way. Admins who manage GitLab installations should quickly install one of the versions that are protected against the attacks described: 17.6.5, 17.7.4, 17.8.2. According to the developers, these versions are already running on GitLab.com. GitLab Dedicated customers do not need to do anything.
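For admins with more than one self-managed instance, the following added example (not from the article or from GitLab) triages an inventory of reported version strings against the three fixed releases named above. The hostnames and the inventory are constructed, and branches the article does not name are reported as unlisted rather than guessed at.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(17, 6): 5, (17, 7): 4, (17, 8): 2}

# Accepts forms such as "17.7.3", "v17.6.5" and "17.8.2-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) from a GitLab version string."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Classify one version string against the article's fixed releases.

    'patched'      - listed branch, at or above its fixed patch level
    'needs-update' - listed branch, below its fixed patch level
    'unlisted'     - branch not named in the article; consult the advisory
    """
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "patched" if patch >= fixed_patch else "needs-update"


def triage(inventory):
    """Map host -> status; unparsable versions are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsable"
    return report


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "17.8.2-ee",
    "gitlab-b.example.internal": "17.7.3",
    "gitlab-c.example.internal": "v17.6.5",
    "gitlab-d.example.internal": "16.11.10-ee",
    "gitlab-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```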


Most of the vulnerabilities were reported via the bug bounty platform HackerOne.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.