
GitLab and Atlassian Fix High-Severity Security Bugs


This week, GitLab and Atlassian released urgent patches addressing more than a dozen vulnerabilities across their platforms, several of which are rated high severity and could pose serious security risks if left unaddressed.

Atlassian Fixes Six Critical Flaws in Popular Tools

On Tuesday, Atlassian issued eight separate security advisories revealing six high-severity vulnerabilities discovered in Bamboo, Confluence, Fisheye/Crucible, and Jira. These bugs originate from third-party components integrated into the platforms and, if exploited, could lead to denial-of-service (DoS) attacks or privilege escalation.

The company strongly recommends that users upgrade to the latest product versions to eliminate all known vulnerabilities. No signs of active exploitation have been reported, but the nature of the flaws makes patching critical for system integrity and user protection.

GitLab Addresses High-Severity DoS Risk and More

GitLab followed up on Wednesday with its own round of updates, releasing fixes for 10 vulnerabilities in both its Community Edition (CE) and Enterprise Edition (EE). Among them, CVE-2025-0993 stands out as the most severe—an issue that allows authenticated users to crash servers by overwhelming system resources.

The update also resolves seven medium-severity issues, including bugs that could bypass two-factor authentication, expose confidential CI variables, and reveal full user email addresses. Additionally, two low-severity bugs—branch name misidentification and unauthorized access to job data—were corrected.

These fixes have been rolled out in GitLab versions 17.10.7, 17.11.3, and 18.0.1. The company urges all users to apply the latest updates without delay, although it confirmed that none of the vulnerabilities appear to have been exploited in the wild.
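Because the fixes ship per release branch, an installed version has to be compared against the fixed release on its own branch rather than against the newest version overall. The following is an added example (not code from the article, GitLab or Atlassian) that does that comparison for the three fixed versions named above; it assumes GitLab version strings of the form `MAJOR.MINOR.PATCH`, optionally carrying an `-ee`/`-ce` suffix, and reports branches the article does not cover as unknown rather than silently treating them as safe.

```python
from typing import Optional, Tuple

# Fixed releases listed in the article, one per supported release branch.
FIXED_VERSIONS = ("17.10.7", "17.11.3", "18.0.1")

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' or 'X.Y.Z-ee' / 'X.Y.Z-ce' into an integer triple."""
    core = text.strip().split("-", 1)[0]  # drop an edition suffix if present (assumed format)
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_version_for_branch(installed: Version) -> Optional[Version]:
    """Return the fixed release on the same MAJOR.MINOR branch, or None if the branch is not listed."""
    for fixed in FIXED_VERSIONS:
        candidate = parse_version(fixed)
        if candidate[:2] == installed[:2]:
            return candidate
    return None


def is_patched(installed_version: str) -> Optional[bool]:
    """True if the install is at or above its branch's fixed release, False if below,
    None if the branch is not one the listed fixes cover (e.g. an older, unsupported line)."""
    installed = parse_version(installed_version)
    fixed = fixed_version_for_branch(installed)
    if fixed is None:
        return None
    # Tuple comparison is lexicographic, so (18, 0, 0) < (18, 0, 1) as intended.
    return installed >= fixed


def describe(installed_version: str) -> str:
    """Human-readable verdict for an inventory report."""
    verdict = is_patched(installed_version)
    if verdict is None:
        return f"{installed_version}: branch not covered by the listed fixes, upgrade to a supported release"
    if verdict:
        return f"{installed_version}: includes the fixes"
    return f"{installed_version}: below the fixed release for its branch, upgrade required"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version in ("17.10.6-ee", "17.10.7", "17.11.3-ce", "18.0.0", "18.0.1-ee", "17.9.2"):
        print(describe(version))
```

The `None` outcome is deliberate: a host on a branch that received no fix in this round is not known to be safe, and an inventory script that collapsed that case into "patched" would hide exactly the installs that most need attention.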
