Wednesday, May 7, 2025

GitLab Patches Multiple Vulnerabilities Including Resource Exhaustion & User Manipulation


GitLab has announced the release of critical updates to its Community Edition (CE) and Enterprise Edition (EE), specifically versions 17.7.1, 17.6.3, and 17.5.5.

These updates are essential for maintaining security and stability across all self-managed GitLab installations and should be implemented immediately.

The company has already rolled out the patched version on GitLab.com, and GitLab Dedicated customers are advised they need not take any action.


The newly released versions include significant bug fixes and address security vulnerabilities, several of which were identified through GitLab’s HackerOne bug bounty program.

GitLab emphasizes its commitment to security and encourages all self-managed customers to upgrade to the latest versions to protect their instances effectively.


A detailed analysis of each vulnerability will be publicly available on GitLab’s issue tracker 30 days post-release.

GitLab structures its patch releases to include both scheduled updates, occurring twice monthly, and ad-hoc critical patches for high-severity vulnerabilities.

Key Security Fixes

Among the critical vulnerabilities patched in this release are:

  1. Possible Access Token Exposure: A medium-severity issue (CVE-2025-0194) under which access tokens could be written to logs under specific conditions, affecting versions from 17.4 to 17.7.1.
  2. Cyclic Reference of Epics: A medium-severity denial-of-service vulnerability (CVE-2024-6324) in which cyclic references between epics could lead to resource exhaustion.
  3. Unauthorized Issue Manipulation: An issue allowing unauthorized users to change the status of issues in public projects (CVE-2024-12431).
  4. SAML Configuration Mismanagement: External provider settings were not respected during user creation via SAML, potentially granting unintended access (CVE-2024-13041).

New Features and Enhancements

In addition to security updates, GitLab has introduced enhancements to its import functionality in version 17.7.1.

This new user contribution and membership mapping feature allows for improved post-import operations, such as mapping imported contributions to the correct users on the destination instance.

The new process operates independently of email addresses, providing users greater control over their contributions.

For GitLab self-managed and Dedicated customers, it is crucial to understand the risk posed by these vulnerabilities, noting that exploitation requires authenticated user access.

GitLab advises users to disable importers until they have upgraded to version 17.7.1 or later. The steps to disable import features are straightforward and can be performed through the Admin settings.

With the potential risks associated with these vulnerabilities, GitLab strongly recommends that all users upgrade to the latest patch release as soon as possible.
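As an added example (not GitLab's own code or anything from the article), the Python check below maps a GitLab version string, such as the one `GET /api/v4/version` returns, onto the patched releases named above (17.7.1, 17.6.3, 17.5.5) and reports whether an instance still needs the upgrade. The rule that releases newer than 17.7.1 carry these fixes forward is an assumption, branches older than 17.5 are flagged as having no fix in this release, and the sample API response is constructed.

```python
"""Assess whether a self-managed GitLab instance is on one of the patched
releases named in this advisory (17.7.1, 17.6.3, 17.5.5)."""
import json
from typing import Tuple

Version = Tuple[int, int, int]

# Fixed versions from the advisory, keyed by the minor branch they patch.
PATCHED_BY_BRANCH = {
    (17, 7): (17, 7, 1),
    (17, 6): (17, 6, 3),
    (17, 5): (17, 5, 5),
}
NEWEST_PATCHED: Version = (17, 7, 1)


def parse_version(raw: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH', optionally suffixed like '-ee' or '-pre'.

    GitLab's /api/v4/version endpoint reports strings such as '17.7.0-ee'.
    Anything that is not three dotted integers is rejected rather than guessed.
    """
    core = raw.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized GitLab version string: {raw!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(raw: str) -> str:
    """Return 'patched', 'vulnerable' or 'unsupported-branch' for a version."""
    v = parse_version(raw)
    branch = v[:2]
    if branch in PATCHED_BY_BRANCH:
        # Same minor branch as a fixed release: compare the patch level.
        return "patched" if v >= PATCHED_BY_BRANCH[branch] else "vulnerable"
    if v >= NEWEST_PATCHED:
        # Assumption: releases newer than 17.7.1 carry these fixes forward.
        return "patched"
    # Branches older than 17.5 received no fix in this release; the only
    # remediation is an upgrade to a patched branch.
    return "unsupported-branch"


def assess_version_response(body: str) -> str:
    """Assess the JSON body returned by GET /api/v4/version."""
    data = json.loads(body)
    return assess(data["version"])


if __name__ == "__main__":
    # Constructed sample of a /api/v4/version response (not captured from a real instance).
    sample = '{"version": "17.6.2-ee", "revision": "0123456789a"}'
    print(assess_version_response(sample))  # vulnerable
```

An instance reported as "vulnerable" or "unsupported-branch" should have its importers disabled through the Admin settings, as the article advises, until it has been upgraded to a patched release.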

Applying these updates not only secures your instance but also improves the overall performance and reliability of GitLab’s services.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
