AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

OR
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* versions from (including) 18.3.0 up to (excluding) 18.3.4
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* versions from (including) 18.4.0 up to (excluding) 18.4.2
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* versions from (including) 5.2.0 up to (excluding) 18.2.8
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* versions from (including) 18.3.0 up to (excluding) 18.3.4
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* versions from (including) 18.4.0 up to (excluding) 18.4.2
          *cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* versions from (including) 5.2.0 up to (excluding) 18.2.8

GitLab Inc.: https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ Types: Release Notes, Vendor Advisory

GitLab Inc.: https://gitlab.com/gitlab-org/gitlab/-/issues/528979 Types: Broken Link

GitLab Inc.: https://hackerone.com/reports/3058791 Types: Permissions Required

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses.

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-770

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

https://gitlab.com/gitlab-org/gitlab/-/issues/528979

https://hackerone.com/reports/3058791