GitLab 18.2 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:18.2:*:*:*:community:*:*:*
part: a version: 18.2 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.352430 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7001 |
vulnerable | 2026-06-03 15:12:30.326502 |
Insufficient Granularity of Access Control in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable.
Published: 2025-07-24T06:05:22.870Z
Updated: 2025-07-24T13:36:37.546Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4700 |
vulnerable | 2026-06-03 15:01:48.580680 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS.
Published: 2025-07-23T17:33:13.646Z
Updated: 2026-02-26T17:50:16.041Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4439 |
vulnerable | 2026-06-03 15:01:47.675456 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (7.7)
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks.
Published: 2025-07-23T18:09:17.968Z
Updated: 2026-02-26T17:50:15.821Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1299 |
vulnerable | 2026-06-03 14:59:04.990310 |
Missing Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.
Published: 2025-07-24T06:33:28.184Z
Updated: 2025-07-24T13:36:27.415Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0765 |
vulnerable | 2026-06-03 14:58:32.929423 |
Incorrect Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.
Published: 2025-07-24T06:33:38.009Z
Updated: 2025-07-24T13:36:22.397Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.