Security News

Cybersecurity news aggregator

HIGH Vulnerabilities HKCERT

GitLab Multiple Vulnerabilities

Multiple vulnerabilities in GitLab, including cross-site scripting, denial of service, and privilege escalation, can be exploited by a remote attacker. Affected versions are GitLab CE and EE prior to 19.0.2, 18.11.5, and 18.10.8. The vendor has released fixes; administrators must apply the patches provided in version 19.0.2, 18.11.5, or 18.10.8, depending on their current branch.

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, a denial of service condition, elevation of privilege, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system.

Impact
- Cross-Site Scripting
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Data Manipulation

System / Technologies affected
- GitLab Community Edition (CE) versions prior to 19.0.2, 18.11.5, 18.10.8
- GitLab Enterprise Edition (EE) versions prior to 19.0.2, 18.11.5, 18.10.8

Solutions
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor: https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/
