Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 18.0.0  Security Vulnerabilities
CVE-2025-0993
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-22
CVE-2024-12093
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-05-22
CVE-2025-0605
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-05-22
CVE-2025-4979
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-05-22
CVE-2025-1110
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVSS Score
2.7
EPSS Score
0.0
Published
2025-05-22
CVE-2025-2853
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-22
CVE-2025-3111
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved