Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service, remote code execution, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system.

Impact
- Cross-Site Scripting
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Data Manipulation

System / Technologies affected
- GitLab Community Edition (CE) versions prior to 18.9.7, 18.10.6, 18.11.3
- GitLab Enterprise Edition (EE) versions prior to 18.9.7, 18.10.6, 18.11.3

Solutions
Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:
https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-10-3-released/

Multiple vulnerabilities in GitLab, including cross-site scripting, denial of service, remote code execution, and security restriction bypass, could be exploited by a remote attacker. Affected versions are GitLab CE and EE prior to 18.9.7, 18.10.6, and 18.11.3. The solution is to apply the vendor-provided fixes detailed in the linked patch release documentation.
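
A version triage for the affected-versions list above, as an added example (not part of the advisory or of GitLab's tooling). It assumes the three listed versions are the fixed patch levels of the 18.9, 18.10 and 18.11 release lines and that any older release line is affected; host names and version strings are constructed.

```python
import re

# Fixed patch level per release line, taken from the advisory text.
FIXED = {(18, 9): 7, (18, 10): 6, (18, 11): 3}

# Accepts "18.10.5", "v18.9.7", "18.10.5-ee.0"; the edition suffix is ignored
# because CE and EE share the same fixed versions in this advisory.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.~].*)?$")


def parse_version(text):
    """Return (major, minor, patch) or raise ValueError on an unknown format."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Return (status, minimum_fixed_version_or_None) for one version string."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line in FIXED:
        if patch >= FIXED[line]:
            return ("fixed", None)
        return ("affected", f"{major}.{minor}.{FIXED[line]}")
    if line < min(FIXED):
        # Assumption: lines older than 18.9 have no fix of their own listed,
        # so the lowest fixed release named in the advisory is the target.
        low = min(FIXED)
        return ("affected", f"{low[0]}.{low[1]}.{FIXED[low]}")
    # Newer release lines are not mentioned in the advisory.
    return ("not-listed", None)


def triage(inventory):
    """Map host -> minimum fixed version for every affected host."""
    return {host: fix for host, ver in inventory.items()
            for status, fix in [assess(ver)] if status == "affected"}


# Constructed inventory, e.g. collected from each instance's admin page.
SAMPLE_INVENTORY = {
    "git-prod.example.internal": "18.10.5-ee.0",
    "git-stage.example.internal": "18.11.3-ee.0",
    "git-legacy.example.internal": "17.11.2",
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to at least {fix}")
```

Hosts reported as `not-listed` should be checked against the vendor release notes rather than assumed safe.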