GitLab Security Update \u2013 Patch For Multiple Vulnerabilities That Enables DoS Attack
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
GitLab has released important security updates. The new versions are 18.4.2, 18.3.4, and 18.2.8 for both Community Edition (CE) and Enterprise Edition (EE).<\/p>\n
These updates fix several vulnerabilities that could lead to denial-of-service (DoS)<\/a> attacks and allow unauthorized access.<\/p>\n All self-managed GitLab installations are strongly advised to upgrade promptly to mitigate potential disruptions. GitLab.com and GitLab Dedicated customers are already fully protected by these patches.<\/p>\n The patched releases address several newly discovered vulnerabilities affecting both authenticated and unauthenticated users. These issues, spanning various attack vectors, underscore the ongoing risk to code repositories and development pipelines if left unpatched.<\/p>\n GitLab\u2019s standard practice ensures issues are only publicly documented 30 days after patch deployment, emphasizing the need for proactive upgrades to preserve security posture.<\/p>\n Security researchers and GitLab\u2019s internal team have identified four main issues in this update, each posing unique risks:<\/p>\n This high-severity vulnerability (CVSS 7.7) allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records due to incorrect scoping in GraphQL mutations.<\/p>\n Exploitation could lead to tampering with vulnerability details, straining governance and compliance efforts. Impacted versions include GitLab EE 18.3 to 18.3.4 and 18.4 to 18.4.2. Discovered internally by GitLab.<\/p>\n Assigned a CVSS score of 7.5, this remote flaw impacted versions from 13.12 through 18.2.8, 18.3 up to 18.3.4, and 18.4 up to 18.4.2. By sending specially crafted GraphQL requests for large repository blobs, attackers could exhaust server resources, making a GitLab instance unresponsive. No authentication is required, substantially widening its attack surface.<\/p>\n This medium-severity bug (CVSS 5.0) exposed sensitive manual CI\/CD variables<\/a> to authenticated users lacking project membership, simply by querying the GraphQL API. Versions affected range from 13.7 to 18.2.8, and pre-patched releases of 18.3 and 18.4.<\/p>\n Affecting all versions from 5.2 up to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2, this moderate risk (CVSS 4.3) stemmed from a Ruby Core library flaw. Attackers could configure webhooks to send malicious HTTP responses, destabilizing GitLab servers. The issue was responsibly disclosed in July 2025.<\/p>\n\nMultiple Vulnerabilities<\/strong> Patched<\/strong>
\n<\/h2>\nCVE-2025-11340: GraphQL Mutation Authorization Bypass<\/strong><\/h4>\n
CVE-2025-10004: Denial of Service via GraphQL Blob Requests<\/strong><\/h4>\n
CVE-2025-9825: Unauthorized Access to Manual CI\/CD Variables via GraphQL<\/strong><\/h4>\n
CVE-2025-2934: DoS via Malicious Webhook Endpoints in GitLab CE\/EE<\/strong><\/h4>\n