FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
18.5.0 <= gitlab-ce < 18.5.2
18.4.0 <= gitlab-ce < 18.4.4
13.2.0 <= gitlab-ce < 18.3.6
18.5.0 <= gitlab-ee < 18.5.2
18.4.0 <= gitlab-ee < 18.4.4
13.2.0 <= gitlab-ee < 18.3.6

Details

VuXML ID 5a1d6309-c04a-11f0-85d8-2cf05da270f3
Discovery 2025-11-12
Entry 2025-11-13

Gitlab reports:

Cross-site scripting issue in k8s proxy impacts GitLab CE/EE

Incorrect Authorization issue in workflows impacts GitLab EE

Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE

Information Disclosure issue in access control impacts GitLab CE/EE

Prompt Injection issue in GitLab Duo review impacts GitLab EE

Client Side Path Traversal issue in branch names impacts GitLab EE

Information Disclosure issue in packages API endpoint impacts GitLab CE/EE

Improper Access Control issue in GitLab Pages impacts GitLab CE/EE

Denial of service issue in markdown impacts GitLab CE/EE

[source]

References

CVE Name CVE-2025-11224
CVE Name CVE-2025-11865
CVE Name CVE-2025-11990
CVE Name CVE-2025-12983
CVE Name CVE-2025-2615
CVE Name CVE-2025-6171
CVE Name CVE-2025-6945
CVE Name CVE-2025-7000
CVE Name CVE-2025-7736
URL https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.