Both GitLab and Atlassian released security patches to fix multiple high- and medium-severity vulnerabilities in their products, including flaws that could lead to denial of service and privilege escalation. Users are advised to update their systems promptly to mitigate these risks, although no active exploitation has been reported yet.
Key points
- Atlassian disclosed eight advisories fixing six high-severity bugs across Bamboo, Confluence, Fisheye/Crucible, and Jira.
- All Atlassian vulnerabilities were found in third-party dependencies and could enable DoS attacks or privilege escalation.
- GitLab addressed ten bugs, including a critical flaw (CVE-2025-0993) that could allow DoS through resource exhaustion.
- Additional patches fixed medium-severity issues such as two-factor authentication bypass and sensitive information disclosure.
- Both companies recommend updating software to the latest versions to address these vulnerabilities and prevent potential attacks.
Read More: https://www.securityweek.com/gitlab-atlassian-patch-high-severity-vulnerabilities/