GitLab Security Update: Attackers can bypass two-factor authentication

The software development platform GitLab is affected by several security vulnerabilities that attackers can exploit.


GitLab is affected by five security vulnerabilities. Successful exploitation can crash the instance or let attackers bypass two-factor authentication (2FA).

In its advisory, GitLab states that GitLab.com is already running the fixed versions. Admins who self-host the platform must upgrade to the repaired Community Edition (CE) and Enterprise Edition (EE) releases 18.8.2, 18.7.2, or 18.6.4, depending on the release branch they run.

These releases close a total of five security vulnerabilities. Three of them are rated "high" severity (CVE-2025-13927, CVE-2025-13928, CVE-2026-0723). The first two allow attackers to trigger denial-of-service conditions and thereby crashes. The 2FA bypass requires the attacker to know a user's credential ID; with it, specially crafted requests are enough to skip the second factor. A credential ID identifies a registered second factor rather than acting as a secret, so this precondition is a comparatively low bar.
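For admins of self-hosted instances, the practical question is whether their installed version is one of the fixed releases or below it on its branch. The following is an added example, not GitLab's own code: it compares a GitLab version string against the fixed releases named in the advisory (18.8.2, 18.7.2, 18.6.4). The version string can be taken from `sudo gitlab-rake gitlab:env:info` or from the real `GET /api/v4/version` endpoint (which requires an authenticated token); the JSON response embedded below is constructed for the demo and is not a real capture. Branches older than 18.6 received no fix in this advisory, and branches newer than 18.8 are reported separately rather than assumed safe.

```python
"""Check whether a self-hosted GitLab version is covered by the fixes
in this advisory (CE/EE 18.8.2, 18.7.2, 18.6.4).

Added example, not GitLab's code. The fixed releases are the ones the
advisory names; the /api/v4/version response shape matches the real
GitLab API, but the sample response below is constructed for the demo.
"""
import json
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (18, 8): (18, 8, 2),
    (18, 7): (18, 7, 2),
    (18, 6): (18, 6, 4),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', ignoring edition or pre-release
    suffixes such as '18.8.2-ee' or '18.9.0-pre'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: str) -> str:
    """Classify a GitLab version against this advisory.

    'patched'              at or above the fixed release of its branch
    'vulnerable'           on a fixed branch but below the fixed release
    'older-unfixed-branch' older than 18.6: no fix exists in this advisory,
                           so the instance must move to a fixed branch
    'newer-branch'         newer than 18.8: not covered by this advisory's
                           list; check the release notes for that branch
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        if (major, minor, patch) >= FIXED_VERSIONS[branch]:
            return "patched"
        return "vulnerable"
    if branch > max(FIXED_VERSIONS):
        return "newer-branch"
    return "older-unfixed-branch"


def assess_api_response(body: str) -> tuple[str, str]:
    """Take the JSON body returned by GET /api/v4/version and return
    (version string, assessment)."""
    data = json.loads(body)
    version = data["version"]
    return version, assess(version)


if __name__ == "__main__":
    # Constructed sample response in the shape of GET /api/v4/version.
    sample_body = '{"version": "18.7.1-ee", "revision": "0000000"}'
    installed, verdict = assess_api_response(sample_body)
    print(f"{installed}: {verdict}")
    for v in ("18.8.2-ee", "18.6.3", "18.5.9", "18.9.0-pre"):
        print(f"{v}: {assess(v)}")
```

The branch-aware comparison matters because a plain "is the version at least 18.8.2" check would wrongly flag 18.7.2 and 18.6.4 as vulnerable, even though both are fixed releases for their own branches.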


The GitLab developers recommend a swift update.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.