GitLab and Atlassian this week announced the release of patches for over a dozen vulnerabilities across their product portfolios, including a number of high-severity bugs.
On Tuesday, Atlassian published eight advisories detailing six high-severity flaws in Bamboo, Confluence, Fisheye/Crucible, and Jira.
All security defects were identified in third-party dependencies used by these products. Their exploitation could allow attackers to cause denial-of-service (DoS) conditions or elevate their privileges on a vulnerable system.
“To repair all of the vulnerabilities impacting your product(s), Atlassian recommends patching your instances to the latest version,” the company notes.
On Wednesday, GitLab announced fixes for 10 bugs affecting GitLab Community Edition (CE) and Enterprise Edition (EE).
The most important of these flaws is CVE-2025-0993, a high-severity issue that could be exploited by authenticated attackers to cause a DoS condition by exhausting server resources.
GitLab also announced patches for seven medium-severity flaws that could be exploited to bypass two-factor authentication, cause a DoS condition, reveal masked or hidden CI variables in the WebUI, or view full email addresses that should be partially hidden.
Two low-severity vulnerabilities that could lead to branch name confusion and unauthorized access to job data were also resolved.
Patches for all these security defects were included in GitLab CE/EE versions 17.10.7, 17.11.3, and 18.0.1. Users are advised to update their installations as soon as possible.
Neither Atlassian nor GitLab mentions any of these vulnerabilities being exploited in attacks.