GitLab, Atlassian Patch High-Severity Vulnerabilities

GitLab, Atlassian Patch High-Severity Vulnerabilities

Posted on By CWS

GitLab and Atlassian this week introduced the discharge of patches for over a dozen vulnerabilities throughout their product portfolios, together with a number of high-severity bugs.

On Tuesday, Atlassian printed eight advisories detailing six high-severity flaws in Bamboo, Confluence, Fisheye/Crucible, and Jira.

All safety defects have been recognized in third-party dependencies utilized by these merchandise. Their exploitation might enable attackers to trigger denial of service (DoS) situations or elevate their privileges on a weak system.

“To repair all of the vulnerabilities impacting your product(s), Atlassian recommends patching your situations to the newest model,” the corporate notes.

On Wednesday, GitLab introduced fixes for 10 bugs affecting GitLab Group Version (CE) and Enterprise Version (EE).

An important of those flaws is CVE-2025-0993, a high-severity concern that could possibly be exploited by authenticated attackers to trigger a DoS situation by exhausting server sources.

GitLab additionally introduced patches for seven medium-severity flaws that could possibly be exploited to bypass two-factor authentication, trigger a DoS situation, reveal masked or hidden CI variables within the WebUI, or view full electronic mail addresses that must be partially hidden.

Two low-severity vulnerabilities that might result in department identify confusion and unauthorized entry to Job Knowledge have been additionally resolved.Commercial. Scroll to proceed studying.

Patches for all these safety defects have been included in GitLab CE/EE variations 17.10.7, 17.11.3, and 18.0.1. Customers are suggested to replace their installations as quickly as doable.

Neither Atlassian, nor GitLab point out any of those vulnerabilities being exploited in assaults.

Associated: Chrome 136 Replace Patches Vulnerability With ‘Exploit within the Wild’

Associated: Fortinet Patches Zero-Day Exploited In opposition to FortiVoice Home equipment

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects

Associated: SAP Patches One other Exploited NetWeaver Vulnerability

Security Week News Tags:, , , ,

Related Posts

Iranian Cyber Group Targets US Organizations Amid Tensions Iranian Cyber Group Targets US Organizations Amid Tensions Security Week News
Microsoft Offers Million at Zero Day Quest Hacking Contest Microsoft Offers $5 Million at Zero Day Quest Hacking Contest Security Week News
RubyGems Halts Registrations Amid Security Threat RubyGems Halts Registrations Amid Security Threat Security Week News
XBOW Secures Million to Boost Autonomous Security XBOW Secures $35 Million to Boost Autonomous Security Security Week News
SAP Addresses Critical Vulnerabilities in S/4HANA SAP Addresses Critical Vulnerabilities in S/4HANA Security Week News
Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign Security Week News