Summary
Security updates have been released that address 3 vulnerabilities, including one with a “high” severity, in GitLab Community Edition (CE) and Enterprise Edition (EE).
Risk
Estimate of the impact of the vulnerability on the reference community: High (65.0)¹
Type
- Security Restrictions Bypass
Affected products and/or versions
GitLab Community Edition (CE) and Enterprise Edition (EE)
- All versions from 17.2 up to, but not including, 17.6.4
- 17.7.x, versions prior to 17.7.3
- 17.8.x, versions prior to 17.8.1
Mitigation actions
In line with the vendor's statement, it is recommended to update the affected products following the guidance in the security bulletin listed in the References section.
The following are only the CVEs related to the vulnerabilities with a “high” severity:
References
https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released
¹ This estimate takes into account several parameters, including: CVSS score, availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.