Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-12244 CVSS:4.3

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorization.

CVE-2025-0639 CVSS:6.5

GitLab is vulnerable to a denial of service, caused by allocation of resources without limits or throttling in issue preview.

CVE-2025-1908 CVSS:7.7

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring.

Impact

Denial of Service
Security Bypass
Information Disclosure

Indicators of Compromise

CVE

CVE-2024-12244
CVE-2025-0639
CVE-2025-1908

Affected Vendors

GitLab

Affected Products

GitLab - 17.9.6
GitLab - 17.10.4
GitLab - 17.11

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

GitLab Website

ToyMaker Ransomware Fuels CACTUS Attacks – Active IOCs

Multiple WordPress Plugins Vulnerabilities

Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan