Alert GCSA-26058 - Security update for GitLab
******************************************************************
Alert ID: GCSA-26058
Date: 10 April 2026
Title: Security update for GitLab
******************************************************************
:: Problem description
Multiple vulnerabilities have been identified in GitLab
that could allow a remote attacker to manipulate data,
disclose confidential information, bypass security restrictions and trigger
Denial of Service and cross-site scripting conditions on an affected system.
Further information is available in the "References" section.
:: Affected software
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versions 18.8.x prior to 18.8.9
versions 18.9.x prior to 18.9.5
versions 18.10.x prior to 18.10.3
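The check below classifies an installed GitLab version against the three branch ranges listed in this alert. It is an added example, not part of the GARR CERT advisory or of GitLab's tooling; it assumes versions are reported as "major.minor.patch" with an optional "-ce"/"-ee" suffix, and the inventory it prints is constructed sample data.

```python
"""Affected-version check for alert GCSA-26058 (added example, not part of the
advisory). Fixed patch levels are those listed in the alert; the inventory at
the bottom is a constructed sample, not real hosts."""

from typing import Tuple

# Minor branch (major, minor) -> first fixed patch level, as listed in the alert.
FIXED_VERSIONS = {
    (18, 8): 9,    # 18.8.x prior to 18.8.9
    (18, 9): 5,    # 18.9.x prior to 18.9.5
    (18, 10): 3,   # 18.10.x prior to 18.10.3
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '18.9.4' or '18.9.4-ee' into (18, 9, 4).

    The edition suffix (assumed '-ce'/'-ee') carries no patch-level
    information and is dropped; anything else is rejected, not guessed.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def assess(text: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for an installed version.

    'unlisted' means the branch is not mentioned by this alert. That is not
    the same as 'fixed': branches older than 18.8 receive no patch at all,
    so they need a separate upgrade decision rather than a green tick.
    """
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED_VERSIONS.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "affected" if patch < fixed_patch else "fixed"

if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version reported by the instance.
    inventory = {
        "git-a.example": "18.10.2-ee",
        "git-b.example": "18.9.5",
        "git-c.example": "18.7.4-ce",
    }
    for host, version in inventory.items():
        print(f"{host:<15} {version:<12} {assess(version)}")
```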
:: Impact
Denial of Service
Security Restriction Bypass
Cross-Site Scripting
Data Manipulation
Information Disclosure
:: Solutions
Update to the latest versions
https://about.gitlab.com/update
https://docs.gitlab.com/update/
:: References
GitLab Security Release
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
GitLab - security best practices
https://about.gitlab.com/blog/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/gitlab-instance-security-best-practices/
https://about.gitlab.com/security/hardening/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5173
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
