GitLab and Atlassian have rolled out critical security patches this week, addressing more than a dozen newly discovered vulnerabilities—including several high-severity threats that could put enterprise systems at risk if left unpatched.
Atlassian, the maker of popular tools like Jira and Confluence, issued eight separate advisories on Tuesday. Together they cover six high-risk vulnerabilities spread across its Bamboo, Confluence, Fisheye/Crucible, and Jira products. All six stem from third-party components bundled with those products rather than from Atlassian's own code. If exploited, they could allow attackers to crash services (denial of service) or escalate their privileges, potentially gaining deeper access to internal systems.
To safeguard systems, Atlassian is urging users to install the latest updates. “Upgrading to the newest version is the only way to address all known security defects affecting your product,” the company emphasized.
Just a day later, GitLab followed suit, announcing fixes for 10 security issues impacting both its Community Edition (CE) and Enterprise Edition (EE). The most pressing among them is CVE-2025-0993, a high-severity vulnerability that authenticated users could exploit to trigger denial-of-service conditions by overwhelming server resources.
Beyond this, GitLab addressed several medium-severity bugs, including flaws that could let attackers bypass two-factor authentication, expose sensitive CI variables through the web interface, cause service disruption, or reveal email addresses meant to stay partially hidden.
Even lower-severity issues didn’t escape attention. Two minor vulnerabilities—one that could cause branch name confusion, and another that allowed unauthorized access to job data—were also patched.
All of GitLab's fixes are bundled in versions 17.10.7, 17.11.3, and 18.0.1, one patch release for each currently supported release line; any earlier release on those lines remains affected. Users are strongly encouraged to upgrade immediately.
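As an added illustration (not part of the article, and not GitLab's own tooling), the following Python checks an installed GitLab version string against those three patch releases. The rule it applies, that a version is fixed only if it is at or above the patch release on its own major.minor line and that any later line already carries the fixes, is GitLab's usual backport convention and is assumed here rather than quoted from the advisory; the sample version strings are constructed.

```python
"""Classify an installed GitLab version against the 17.10.7 / 17.11.3 / 18.0.1 patch releases.

Added example, not GitLab's own code. The three fixed versions are taken from the
advisory; the release-line logic (fixed only at or above the patch release on the
same major.minor line, later lines assumed to include the fixes) is an assumption.
"""
from __future__ import annotations

# Patch releases named in the advisory, keyed by release line (major, minor).
FIXED_RELEASES: dict[tuple[int, int], tuple[int, int, int]] = {
    (17, 10): (17, 10, 7),
    (17, 11): (17, 11, 3),
    (18, 0): (18, 0, 1),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' with an optional '-ee'/'-ce' edition suffix.

    Raises ValueError for anything that does not look like a GitLab release,
    so a malformed API response cannot silently read as 'patched'.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'outdated' for an installed version.

    - 'patched':    at or above the fixed release on its own line, or on a
                    later line (assumed to include the fixes).
    - 'vulnerable': on one of the three lines but below the fixed release.
    - 'outdated':   older than every line the advisory covers; no patch
                    release exists for it, so treat it as affected and upgrade.
    """
    version = parse_version(text)
    line = version[:2]
    if line in FIXED_RELEASES:
        return "patched" if version >= FIXED_RELEASES[line] else "vulnerable"
    if version > max(FIXED_RELEASES.values()):
        return "patched"
    return "outdated"


def assess_api_payload(payload: dict) -> str:
    """Classify the JSON body returned by GitLab's GET /api/v4/version endpoint."""
    return assess(payload["version"])


if __name__ == "__main__":
    # Constructed sample inputs, one per outcome.
    for sample in ("17.10.6-ee", "17.10.7-ee", "18.0.0", "18.1.0", "17.9.8"):
        print(f"{sample:>12}: {assess(sample)}")
    # Constructed stand-in for an /api/v4/version response.
    print(assess_api_payload({"version": "17.11.2-ee", "revision": "abc1234"}))
```

In practice the version string comes from the instance itself, for example the authenticated `GET /api/v4/version` endpoint, and the "outdated" result is the one to watch for: a 17.9.x install is not listed in the advisory because its line no longer receives patches, not because it is safe.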
At this time, neither GitLab nor Atlassian has reported any real-world exploitation of these vulnerabilities. Still, given that the fixes cover denial-of-service, privilege-escalation and authentication-bypass paths, delaying the updates leaves organizations needlessly exposed once details of the bugs circulate.