GitLab has released a new patch to fix security vulnerabilities and stability issues in versions 18.8.2, 18.7.2, and 18.6.4 for both Community and Enterprise Editions. These updates are available for self-managed installations and include crucial bug fixes and security improvements. Administrators should upgrade as soon as possible.
The patch release covers the affected Community and Enterprise Edition versions. GitLab.com is already updated, and GitLab Dedicated users don't need to do anything. However, self-managed instances should upgrade to reduce exposure to these vulnerabilities.
Overview of the Latest GitLab Patch Release:
This GitLab patch release fixes various security issues in both the Community and Enterprise Editions, including several high-severity vulnerabilities.
A serious issue, CVE-2025-13927, is a denial of service vulnerability in Jira Connect integration. GitLab stated that an unauthenticated attacker could cause a denial of service by sending specially crafted requests with bad authentication data. This affects all GitLab CE/EE versions from 11.9 up to, but not including, versions 18.6.4, 18.7.2, and 18.8.2. The vulnerability has a CVSS score of 7.5. GitLab acknowledged a92847865 for reporting it via their HackerOne bug bounty program.
CVE-2025-13928 is a serious issue affecting the Releases API. It allows unauthenticated users to cause a denial of service due to poor authorization validation. This vulnerability impacts GitLab Community and Enterprise Editions from version 17.7 up to the patched versions and has a CVSS score of 7.5. The same researcher reported it.
GitLab fixed CVE-2026-0723, a vulnerability in authentication services that could let attackers bypass two-factor authentication using a victim’s credential ID. It affects versions from 18.6 before the patch and has a CVSS score of 7.4. The issue was reported by ahacker1 on HackerOne.
Medium-severity issues include CVE-2025-13335, an infinite loop flaw in Wiki redirects that can lead to a denial of service by allowing authenticated users to create corrupted Wiki documents. This affects versions from 17.1 onward and has a CVSS score of 6.5. GitLab also resolved CVE-2026-1102, a denial-of-service vulnerability in an API endpoint caused by repeated bad SSH authentication requests, affecting versions from 12.3 onward with a CVSS score of 5.3. This vulnerability was found internally by team member Thiago Figueiró.
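As an added example, not code from GitLab or this article, the following Python check maps a self-managed instance's version against the affected ranges quoted above, so an administrator can see which of the five CVEs still apply before scheduling the upgrade. It assumes that release branches newer than 18.8 already carry the fixes, which the article does not state.

```python
# Added example: which CVEs from this patch release apply to a given GitLab version?
# Version bounds come from the article; treating branches newer than 18.8 as
# already fixed is an assumption, not something the article states.

# Patched release per branch (from the article).
FIXED = {(18, 6): (18, 6, 4), (18, 7): (18, 7, 2), (18, 8): (18, 8, 2)}

# CVE -> first affected version, as stated in the article.
INTRODUCED = {
    "CVE-2025-13927": (11, 9, 0),   # Jira Connect DoS
    "CVE-2025-13928": (17, 7, 0),   # Releases API DoS
    "CVE-2026-0723": (18, 6, 0),    # 2FA bypass via credential ID
    "CVE-2025-13335": (17, 1, 0),   # Wiki redirect infinite loop
    "CVE-2026-1102": (12, 3, 0),    # repeated bad SSH auth DoS
}


def parse_version(text):
    """Turn '18.7.1' or '18.7.1-ee' into a (major, minor, patch) tuple."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(version):
    """Fixed release on this version's branch, or None if the branch got no patch."""
    branch = version[:2]
    if branch in FIXED:
        return FIXED[branch]
    if branch > max(FIXED):
        return version  # assumption: later branches already include the fixes
    return None  # e.g. 18.5.x: no patched release, must move to a fixed branch


def affected_cves(version_text):
    """Return the CVEs from this release that the given version is exposed to."""
    version = parse_version(version_text)
    fixed = fixed_version_for(version)
    hits = []
    for cve, introduced in INTRODUCED.items():
        if version < introduced:
            continue  # flaw not yet present in this version
        if fixed is None or version < fixed:
            hits.append(cve)
    return sorted(hits)
```

An instance on an unpatched branch such as 18.5.x is reported as affected by everything introduced before it, since no fixed release exists on that branch.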
Bug Fixes and Upgrade Considerations for Self-Managed Users:
The GitLab patch release not only fixes vulnerabilities but also resolves numerous bugs in versions 18.8.2, 18.7.2, and 18.6.4. Key fixes include issues with merge request reviewer crashes, dropdown race conditions, container repository indexing, Git LFS throttling, accessibility issues, and Git push errors in self-managed setups. Improvements were also made for CI jobs, Sidekiq worker behavior, migration health checks, and AI catalog workflows.
GitLab warns that the patch release has database migrations that could affect the upgrade process. Single-node setups will face downtime during the upgrade as migrations need to complete before a restart. In contrast, multi-node setups can avoid downtime by using zero-downtime upgrade methods. Version 18.7.2 allows post-deploy migrations to run after the main upgrade.
GitLab advises all users of Community and Enterprise Edition to upgrade to the latest patch release promptly to minimize vulnerabilities and ensure stability.
