Filtered by vendor Gitlab
Subscriptions
Total
1160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | ||||
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 9.3 Critical |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | ||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | ||||
| CVE-2022-4092 | 1 Gitlab | 1 Gitlab | 2025-04-01 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. | ||||
| CVE-2024-10307 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 4.3 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. | ||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 5.2 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | ||||
| CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 4.3 Medium |
| A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | ||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 6.3 Medium |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | ||||
| CVE-2022-4201 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 3.5 Low |
| A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | ||||
| CVE-2022-4255 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 4.3 Medium |
| An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. | ||||
| CVE-2025-0811 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. | ||||
| CVE-2025-2255 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 8.7 High |
| An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. | ||||
| CVE-2025-2867 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 4.4 Medium |
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | ||||
| CVE-2024-9773 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 3.7 Low |
| An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. | ||||
| CVE-2025-2242 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 7.5 High |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. | ||||
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2025-03-27 | 5 Medium |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | ||||
| CVE-2023-0518 | 1 Gitlab | 1 Gitlab | 2025-03-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. | ||||
| CVE-2022-4138 | 1 Gitlab | 1 Gitlab | 2025-03-21 | 6.4 Medium |
| A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | ||||