GitLab Security Vulnerabilities: Attackers Can Intercept Credentials
The software development platform GitLab is vulnerable. Security updates close several vulnerabilities.
GitLab Community Edition and Enterprise Edition are affected by several security flaws. If the prerequisites are met, attackers can gain higher user privileges. The developers assure that patched versions are already running on GitLab.com. For on-premises installations, administrators should act promptly and install the available patches.
Various Dangers
If this is not done, attackers can exploit six security vulnerabilities, according to a warning from the GitLab developers. Two of these (CVE-2024-9183, CVE-2025-12571) are classified as "high" threat level. In the first case, attackers must already be authenticated. If so, they can, through an unspecified method, access the credentials of users with higher privileges and perform actions in their name. The second vulnerability is exploitable without authentication and leads to a DoS state.
Exploiting the remaining vulnerabilities can lead to information leaks, among other things. The developers assure that the vulnerabilities have been closed in versions 18.4.5, 18.5.3, and 18.6.1. So far, there are no reports of attackers already targeting instances.
About a month ago, the developers closed vulnerabilities in the DevSecOps platform.
(des)