GitLab, Atlassian Patch High-Severity Vulnerabilities

GitLab, Atlassian Patch High-Severity Vulnerabilities

GitLab and Atlassian this week announced the release of patches for over a dozen vulnerabilities across their product portfolios, including multiple high-severity bugs.

On Tuesday, Atlassian published eight advisories detailing six high-severity flaws in Bamboo, Confluence, Fisheye/Crucible, and Jira.

All security defects were identified in third-party dependencies used by these products. Their exploitation could allow attackers to cause denial of service (DoS) conditions or elevate their privileges on a vulnerable system.

“To fix all the vulnerabilities impacting your product(s), Atlassian recommends patching your instances to the latest version,” the company notes.

On Wednesday, GitLab announced fixes for 10 bugs affecting GitLab Community Edition (CE) and Enterprise Edition (EE).

The most important of these flaws is CVE-2025-0993, a high-severity issue that could be exploited by authenticated attackers to cause a DoS condition by exhausting server resources.

GitLab also announced patches for seven medium-severity flaws that could be exploited to bypass two-factor authentication, cause a DoS condition, reveal masked or hidden CI variables in the WebUI, or view full email addresses that should be partially hidden.

Two low-severity vulnerabilities that could lead to branch name confusion and unauthorized access to Job Data were also resolved.

Advertisement. Scroll to continue reading.

Patches for all these security defects were included in GitLab CE/EE versions 17.10.7, 17.11.3, and 18.0.1. Users are advised to update their installations as soon as possible.

Neither Atlassian, nor GitLab mention any of these vulnerabilities being exploited in attacks.

Related: Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Related: Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances

Related: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

Related: SAP Patches Another Exploited NetWeaver Vulnerability


Source link