Alert GCSA-26042 - Security update for GitLab
******************************************************************
Alert ID: GCSA-26042
Date: 13 March 2026
Title: Security update for GitLab
******************************************************************
:: Problem description
Multiple vulnerabilities have been identified in GitLab
that could allow a remote attacker to manipulate data,
disclose confidential information, bypass security restrictions and trigger
Denial of Service and cross-site scripting conditions on an affected system.
More information is available in the "References" section.
:: Affected software
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versions 18.7.x prior to 18.7.6
versions 18.8.x prior to 18.8.6
versions 18.9.x prior to 18.9.2
:: Impact
Denial of Service
Security Restriction Bypass
Cross-Site Scripting
Data Manipulation
Information Disclosure
:: Solutions
Update to the latest versions
https://about.gitlab.com/update
https://docs.gitlab.com/update/
:: References
GitLab Security Release
https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/
GitLab - security best practices
https://about.gitlab.com/blog/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/gitlab-instance-security-best-practices/
https://about.gitlab.com/security/hardening/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14513
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3848
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert