GitLab 17.11.2 Community Edition

CPE Details

GitLab 17.11.2 Community Edition
gitlab
gitlab
17.11.2
2025-05-29
18h05 +00:00
2025-05-29
18h05 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:gitlab:gitlab:17.11.2:*:*:*:community:*:*:*

Informations

Vendor

gitlab

Product

gitlab

Version

17.11.2

Software Edition

community

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-0605 2025-05-22 14h31 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
4.6
Moyen
CVE-2025-0679 2025-05-22 14h31 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
4.3
Moyen
CVE-2025-0993 2025-05-22 14h31 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
7.5
Haute
CVE-2025-2853 2025-05-22 13h30 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
6.5
Moyen
CVE-2025-3111 2025-05-22 13h30 +00:00 An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
6.5
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.