WHAT ARE YOU LOOKING FOR?

Popular Tags

Raleigh, NC

32°F
Scattered Clouds Humidity: 79%
Wind: 2.06 M/S

GitLab Security Patch – Fixes for XSS, DoS, and Account Takeover Flaws

Security Hits: 312
GitLab Security Patch – Fixes for XSS, DoS, and Account Takeover Flaws

GitLab has rolled out critical security patches to address high-severity vulnerabilities, reinforcing its commitment to robust cybersecurity amid rising cyber threats. 

The updates—versions 17.11.1, 17.10.5, and 17.9.7 for both Community Edition (CE) and Enterprise Edition (EE)—fix major flaws such as cross-site scripting (XSS), denial-of-service (DoS), and account takeover risks, along with several important bug fixes. 

Key Vulnerabilities Resolved 

GitLab's latest security update addresses several significant threats: 

  • Two critical XSS vulnerabilities in the Maven Dependency Proxy were fixed. The first (CVE-2025-1763) allowed attackers to bypass content security policy directives, earning a CVSS score of 8.7. A similar vulnerability (CVE-2025-2443) related to misconfigured cache headers was also patched. 
  • A Network Error Logging (NEL) header injection flaw (CVE-2025-1908, CVSS 7.7) was fixed, preventing malicious actors from monitoring user browser activity and potentially taking over accounts. 
  • A medium-severity DoS vulnerability affecting the issue preview feature was patched under CVE-2025-0639 (CVSS 6.5). 
  • An access control issue (CVE-2024-12244) that allowed unauthorized viewing of branch names was resolved (CVSS 4.3). 

Bug Fixes in This Release 

The patches also bring a host of bug fixes, improving stability and performance: 

  • 17.11.1: Enhanced pipeline security, Amazon Q integration fixes, CI/CD improvements, and UI fixes for file attachment issues. 
  • 17.10.5: Resolved mailroom path issues, updated gRPC security, session cookie security improvements, and cloud connector sync patch. 
  • 17.9.7: Backported pipeline naming fixes, encryption key management improvements, and updated dependencies for stability. 

GitLab continues its proactive approach to security by addressing these vulnerabilities swiftly and transparently. Security experts recommend immediate upgrades to mitigate risks from these flaws. The patch release highlights the importance of the open-source community, with vulnerability reports from HackerOne contributing to the fixes. 

As cyber threats grow more sophisticated, organizations are advised to follow cybersecurity best practices, including regular audits and timely updates, to protect their services and data. 

Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post. 

Image
Back To Top

With Cybersecurity Insights, current news and event trends will be captured on cybersecurity, recent systems / cyber-attacks, artificial intelligence (AI), technology innovation happening around the world; to keep our viewers fast abreast with the current happening with technology, system security, and how its effect our lives and ecosystem. 

Please fill the required field.