Security vulnerabilities: Attackers can paralyze GitLab instances

Admins of GitLab instances should install the latest security patches promptly.


(Image: Photon photo/Shutterstock.com)


Attackers can exploit six vulnerabilities in the GitLab software development platform to attack systems. The developers state that they have closed the vulnerabilities and that patched versions are already running on GitLab.com.

Admins of on-premise instances must take action and install one of the repaired versions of GitLab Community Edition (CE) and Enterprise Edition (EE): 18.1.6, 18.2.6 or 18.3.2. According to the advisory, two vulnerabilities (CVE-2025-2256, CVE-2025-6454) are classified as “high.” In the first case, attackers can trigger a denial-of-service condition via SAML responses. In the second case, attackers must already be authenticated; according to the description, they can then manipulate certain requests in the proxy context.
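As an added example (not from the article or from GitLab), a small Python check that tells an admin whether an installed CE/EE version string, as printed by `gitlab-rake gitlab:env:info`, is at or above the fixed release named for its branch. How it treats branches outside the three listed ones is an assumption, marked in the comments.

```python
import re
import sys

# Fixed releases named in the advisory (CE and EE share version numbers).
FIXED_VERSIONS = ("18.1.6", "18.2.6", "18.3.2")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' with an optional '-ce'/'-ee' suffix into ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def fmt(version):
    return ".".join(str(part) for part in version)


def check_patch_status(installed):
    """Return (status, target): status is 'patched' or 'upgrade'; target is the
    fixed release to move to, or None when no upgrade is needed."""
    v = parse_version(installed)
    fixed = sorted(parse_version(f) for f in FIXED_VERSIONS)
    same_branch = [f for f in fixed if f[:2] == v[:2]]
    if same_branch:
        target = same_branch[0]
        return ("patched", None) if v >= target else ("upgrade", fmt(target))
    if v > fixed[-1]:
        # Assumption: releases newer than the newest fixed branch carry the fixes.
        return ("patched", None)
    # Assumption: an older branch with no fixed release should move to the
    # lowest fixed release, the nearest branch the advisory covers.
    return ("upgrade", fmt(fixed[0]))


if __name__ == "__main__":
    # Usage: python check_gitlab.py 18.2.5-ee
    status, target = check_patch_status(sys.argv[1])
    print(status if target is None else f"{status} to {target}")
```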

By successfully exploiting the remaining gaps, attackers can, among other things, gain unauthorized access to information. So far, there have been no reports of ongoing attacks.


In mid-August of this year, the developers closed twelve security gaps in GitLab.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.