Post: Multiple GitLab Vulnerabilities Allow Account Takeover and Stored XSS Attacks - Against Invaders - CyberSecurity news for humans.
<div>
<div>
<p>GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms.</p>
<p>The vulnerabilities, <a href="https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/" rel="noreferrer noopener nofollow" target="_blank">disclosed</a> in patch releases 18.2.2, 18.1.4, and 18.0.6, represent serious security risks that require immediate attention from administrators.</p>
<h2 id="h-critical-security-flaws-enable-account-compromise"><strong>Critical Security Flaws Enable Account Compromise</strong></h2>
<p>The most concerning vulnerabilities involve multiple cross-site scripting flaws that could allow authenticated attackers to execute malicious actions on behalf of other users.</p>
<p>CVE-2025-6186, rated with a CVSS score of 8.7, specifically enables account takeover by allowing authenticated users to inject malicious <a href="https://gbhackers.com/outlook-html-based-phishing/" rel="noreferrer noopener" target="_blank">HTML</a> content into work item names.</p>
<p>This vulnerability affects GitLab CE/EE versions 18.1 before 18.1.4 and 18.2 before 18.2.2.</p>
<figure>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Vulnerability Type</th>
<th>Severity</th>
<th>CVSS Score</th>
</tr>
</thead>
<tbody>
<tr>
<td>CVE-2025-7734</td>
<td>Cross-site scripting in blob viewer</td>
<td>High</td>
<td>8.7</td>
</tr>
<tr>
<td>CVE-2025-7739</td>
<td>Cross-site scripting in labels</td>
<td>High</td>
<td>8.7</td>
</tr>
<tr>
<td>CVE-2025-6186</td>
<td>Cross-site scripting in Workitem</td>
<td>High</td>
<td>8.7</td>
</tr>
<tr>
<td>CVE-2025-8094</td>
<td>Improper permissions in project API</td>
<td>High</td>
<td>7.7</td>
</tr>
<tr>
<td>CVE-2024-12303</td>
<td>Incorrect privilege assignment</td>
<td>Medium</td>
<td>6.7</td>
</tr>
<tr>
<td>CVE-2025-2614</td>
<td>Resource allocation limits bypass</td>
<td>Medium</td>
<td>6.5</td>
</tr>
<tr>
<td>CVE-2024-10219</td>
<td>Incorrect authorization in jobs API</td>
<td>Medium</td>
<td>6.5</td>
</tr>
<tr>
<td>CVE-2025-8770</td>
<td>Merge request approval bypass</td>
<td>Medium</td>
<td>6.5</td>
</tr>
<tr>
<td>CVE-2025-2937</td>
<td>RegEx complexity in wiki</td>
<td>Medium</td>
<td>6.5</td>
</tr>
<tr>
<td>CVE-2025-1477</td>
<td>Resource limits in Mattermost integration</td>
<td>Medium</td>
<td>6.5</td>
</tr>
<tr>
<td>CVE-2025-5819</td>
<td>Permission assignment in ID token</td>
<td>Medium</td>
<td>5.0</td>
</tr>
<tr>
<td>CVE-2025-2498</td>
<td>Access control in IP restrictions</td>
<td>Low</td>
<td>3.1</td>
</tr>
</tbody>
</table>
</figure>
<p>Two additional high-severity XSS vulnerabilities compound the security risks. CVE-2025-7734 affects the blob viewer component and impacts all versions from 14.2 before the patched releases, while CVE-2025-7739 targets label descriptions in the most recent 18.2 branch.</p>
<p>Both vulnerabilities carry the same 8.7 CVSS rating and could enable stored cross-site scripting attacks. Beyond XSS vulnerabilities, the patch addresses significant permission handling flaws.</p>
<p>CVE-2025-8094 allows authenticated users with maintainer privileges to manipulate shared infrastructure resources beyond their intended access level, potentially causing denial of service to other users’ CI/CD pipelines.</p>
<p>This vulnerability affects versions 18.0 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2.</p>
<p>Several medium-severity vulnerabilities enable <a href="https://gbhackers.com/new-microsoft-exchange-server-vulnerability/" rel="noreferrer noopener" target="_blank">privilege escalation</a> and unauthorized access.</p>
<p>CVE-2024-12303 allows users to delete confidential issues through role manipulation, while CVE-2024-10219 permits bypassing access controls to download private artifacts.</p>
<p>Resource exhaustion vulnerabilities CVE-2025-2614 and CVE-2025-1477 could enable denial of service attacks through specially crafted content.</p>
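<p>The affected version ranges above are scattered across several paragraphs, so an administrator triaging a fleet of self-managed instances needs them in one place. The following is an added example (not GitLab's code, nor from the advisory) that encodes those ranges as stated on this page and reports which of the four CVEs with published version ranges a given version string is exposed to; it assumes that branches newer than 18.2 are not in scope of these patch releases, and that the CVEs without a stated range are out of scope.</p>

```python
"""Check a GitLab CE/EE version against the affected ranges stated for the
18.2.2 / 18.1.4 / 18.0.6 patch releases. Added example, not GitLab's code."""
import re

# Patched release for each affected branch, as listed in the advisory.
PATCHED = {(18, 0): (18, 0, 6), (18, 1): (18, 1, 4), (18, 2): (18, 2, 2)}

# Branches each CVE is stated to affect. CVE-2025-7734 is handled separately:
# it affects every release from 14.2 onward that predates the patched releases.
BRANCH_SCOPED = {
    "CVE-2025-6186": {(18, 1), (18, 2)},           # XSS in work item names
    "CVE-2025-7739": {(18, 2)},                    # XSS in label descriptions
    "CVE-2025-8094": {(18, 0), (18, 1), (18, 2)},  # maintainer permission flaw
}
XSS_BLOB_VIEWER = "CVE-2025-7734"
XSS_BLOB_VIEWER_FLOOR = (14, 2, 0)


def parse_version(text: str) -> tuple[int, int, int]:
    """Accept '18.1.3', '18.1.3-ee' or 'v18.1.3'; reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-\w+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def affected_cves(text: str) -> list[str]:
    """Return the CVEs from this advisory that the given version is exposed to."""
    v = parse_version(text)
    branch = v[:2]
    # A branch with a listed patch is fixed once at or above that patch level.
    on_unpatched_release = branch in PATCHED and v < PATCHED[branch]
    found = []
    # Older branches (17.x and below) have no patch in this release set, so any
    # release from 14.2 onward is still exposed to the blob viewer XSS.
    # Assumption: branches newer than 18.2 are outside these patch releases.
    if v >= XSS_BLOB_VIEWER_FLOOR and (branch < (18, 0) or on_unpatched_release):
        found.append(XSS_BLOB_VIEWER)
    for cve, branches in BRANCH_SCOPED.items():
        if branch in branches and on_unpatched_release:
            found.append(cve)
    return found


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("gl-a", "18.2.1"), ("gl-b", "17.11.0"), ("gl-c", "18.2.2-ee")]:
        print(host, ver, affected_cves(ver) or "not affected by this advisory")
```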
<p>GitLab strongly recommends immediate upgrading to the latest patched versions, as GitLab.com is already running the secured release.</p>
<p>The vulnerabilities were primarily discovered through GitLab’s HackerOne bug bounty program, with researchers including joaxcar, yvvdwf, and others contributing to the discoveries.</p>
<p>The comprehensive nature of these vulnerabilities underscores the critical importance of maintaining current GitLab installations and implementing regular security updates.</p>
</div></div>