GitLab 18.0.1 Community Edition

CPE Details

GitLab 18.0.1 Community Edition
gitlab
gitlab
18.0.1
2025-07-10
16h53 +00:00
2025-07-10
16h53 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:gitlab:gitlab:18.0.1:*:*:*:community:*:*:*

Informations

Vendor

gitlab

Product

gitlab

Version

18.0.1

Software Edition

community

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-9642 2025-09-26 09h04 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
9.6
Critique
CVE-2025-9958 2025-09-26 09h04 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.
6.5
Moyen
CVE-2025-7001 2025-07-24 06h05 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable.
4.3
Moyen
CVE-2025-6948 2025-07-10 08h30 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
8.7
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.