Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN057
_____________________________________________________________________

DATE                : 21/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GitLab versions prior to
                             18.8.2, 18.7.2, 18.6.4.

=====================================================================
https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/
_____________________________________________________________________

 GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4

Learn more about GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4 for 
GitLab Community Edition (CE) and Enterprise Edition (EE).

Today, we are releasing versions 18.8.2, 18.7.2, 18.6.4 for GitLab 
Community Edition (CE) and Enterprise Edition (EE).

These versions contain important bug and security fixes, and we 
strongly recommend that all self-managed GitLab installations be 
upgraded to one of these versions immediately. GitLab.com is already 
running the patched version. GitLab Dedicated customers do not need to 
take action.

GitLab releases fixes for vulnerabilities in patch releases. There are 
two types of patch releases: scheduled releases and ad-hoc critical 
patches for high-severity vulnerabilities. Scheduled releases are 
released twice a month on the second and fourth Wednesdays. For more 
information, please visit our releases handbook and security FAQ. You 
can see all of GitLab release blog posts here.

For security fixes, the issues detailing each vulnerability are made 
public on our issue tracker 30 days after the release in which they 
were patched.

We are committed to ensuring that all aspects of GitLab that are 
exposed to customers or that host customer data are held to the 
highest security standards. To maintain good security hygiene, it is 
highly recommended that all customers upgrade to the latest patch 
release for their supported version. You can read more best practices 
in securing your GitLab instance in our blog post.


Recommended Action

We strongly recommend that all installations running a version 
affected by the issues described below are upgraded to the latest 
version as soon as possible.

When no specific deployment type (omnibus, source code, helm chart, 
etc.) of a product is mentioned, it means all types are affected.


Security fixes

Table of security fixes

Title 	Severity

Denial of Service issue in in Jira Connect integration impacts GitLab 
CE/EE 	High

Incorrect Authorization issue in Releases API impacts GitLab CE/EE 	
High

Unchecked Return Value issue in authentication services impacts GitLab 
CE/EE 	High

Infinite Loop issue in Wiki redirects impacts GitLab CE/EE 	Medium

Denial of Service issue in API endpoint impacts GitLab CE/EE 	Medium


CVE-2025-13927 - Denial of Service issue in Jira Connect integration 
impacts GitLab CE/EE

GitLab has remediated an issue that could have allowed an 
unauthenticated user to create a denial of service condition by 
sending crafted requests with malformed authentication data.

Impacted Versions: GitLab CE/EE: all versions from 11.9 before 18.6.4, 
18.7 before 18.7.2, and 18.8 before 18.8.2
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Thanks a92847865 for reporting this vulnerability through our 
HackerOne bug bounty program.


CVE-2025-13928 - Incorrect Authorization issue in Releases API impacts 
GitLab CE/EE

GitLab has remediated an issue that could have allowed an 
unauthenticated user to cause a denial of service condition by 
exploiting incorrect authorization validation in API endpoints.

Impacted Versions: GitLab CE/EE: all versions from 17.7 before 18.6.4, 
18.7 before 18.7.2, and 18.8 before 18.8.2
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Thanks a92847865 for reporting this vulnerability through our 
HackerOne bug bounty program.


CVE-2026-0723 - Unchecked Return Value issue in authentication 
services impacts GitLab CE/EE

GitLab has remediated an issue that could have allowed an individual 
with existing knowledge of a victim's credential ID to bypass 
two-factor authentication by submitting forged device responses.

Impacted Versions: GitLab CE/EE: all versions from 18.6 before 18.6.4, 
18.7 before 18.7.2, and 18.8 before 18.8.2
CVSS 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Thanks ahacker1 for reporting this vulnerability through our HackerOne 
bug bounty program.


CVE-2025-13335 - Infinite Loop issue in Wiki redirects impacts GitLab 
CE/EE

GitLab has remediated an issue that under certain circumstances could 
have allowed an authenticated user to create a denial of service 
condition by configuring malformed Wiki documents that bypass cycle 
detection.

Impacted Versions: GitLab CE/EE: all versions from 17.1 before 18.6.4, 
18.7 before 18.7.2, and 18.8 before 18.8.2
CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Thanks sim4n6 for reporting this vulnerability through our HackerOne 
bug bounty program.


CVE-2026-1102 - Denial of Service issue in API endpoint impacts GitLab 
CE/EE

GitLab has remediated an issue that could have allowed an 
unauthenticated user to create a denial of service condition by 
sending repeated malformed SSH authentication requests.

Impacted Versions: GitLab CE/EE: all versions from 12.3 before 18.6.4, 
18.7 before 18.7.2, and 18.8 before 18.8.2
CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

This vulnerability has been discovered internally by GitLab team 
member Thiago Figueiró.


Bug fixes

18.8.2

    Backport of Make external agent configurations GA
    Backport Remove GitLab Dedicated support for semantic search until 
it's available
    Backport of '18.8.0: Merge Request reviewer dropdown crashes and 
does not send request'
    Backport of 'Pass user id to workflow service'
    Backport of rake task to seed AI Catalogs with external agents
    Backport of Separate policy logic for AI Catalog Flows and 
Foundational Flows

18.7.2

    Backport of Fix logic for fetching occurrences related to 
vulnerabilties
    Backport of "Removes feature flag enablement for svc accounts"
    Backport of flaky import spec quarantine
    Backport 18.7 - Fix searchable dropdown race condition when typing 
fast
    Backport of Recreate p_sent_notifications.reply_key index
    Fix container_repositories index repair to handle 1-to-1 
relationship
    [18.7] Fix migration health check endpoint
    Backport of 'Fix soft wrap not working due to accessibilitySupport 
conflict'
    Backport of 'Fix git push error for remote flows in self-managed 
instances'
    [Backport 18.7] Exclude Git LFS paths from Git HTTP throttling
    Backport of Correct Code Review Flow history for beta
    Backport of 'Fix Duo Chat button visibility for Amazon Q'
    Backport Allow user namespaces to be indexed in Zoekt for 
self-managed
    Backport of 'Disable Sidekiq retries for ClickHouse pipeline/build 
sync workers'
    Backport of 'Disable async_insert in build and pipeline sync 
operations'
    18.7 - Remove manual from SLES-12.5-release-pulp job

18.6.4

    Backport of "Removes feature flag enablement for svc accounts"
    Backport of flaky import spec quarantine
    Backport 18.6 - Fix searchable dropdown race condition when typing 
fast
    Fix container_repositories index repair to handle 1-to-1 
relationship
    Backport of 'Fix soft wrap not working due to accessibilitySupport 
conflict'
    Backport of 'Fix git push error for remote flows in self-managed 
instances'
    [Backport 18.6] Exclude Git LFS paths from Git HTTP throttling
    Backport-Allow user namespaces to be indexed in Zoekt for 
self-managed
    Backport of 'Disable Sidekiq retries for ClickHouse pipeline/build 
sync workers'
    Backport of 'Disable async_insert in build and pipeline sync 
operations'
    18.6 - Remove manual from SLES-12.5-release-pulp job
    Start Pulp FIPS jobs after PC FIPS jobs - 18.6
    [CI] Fix the builder image tags for the check-packages jobs 18-6


Important notes on upgrading

This patch includes database migrations that may impact your upgrade 
process.

Impact on your installation:

    Single-node instances: This patch will cause downtime during the 
upgrade as migrations must complete before GitLab can start.
    Multi-node instances: With proper zero-downtime upgrade 
procedures, this patch can be applied without downtime.


Post-deploy migrations

The following versions include post-deploy migrations that can run 
after the upgrade:

    18.7.2

To learn more about the impact of upgrades on your installation, see:

    Zero-downtime upgrades for multi-node deployments
    Standard upgrades for single-node installations


Updating

To update GitLab, see the Update page. To update GitLab Runner, see 
the Updating the Runner page.
Receive Patch Notifications

To receive patch blog notifications delivered to your inbox, visit our 
contact us page. To receive release notifications via RSS, subscribe 
to our patch release RSS feed or our RSS feed for all releases.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================