Filtered by vendor Gitlab
Subscriptions
Total
1160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5528 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 3.5 Low |
| An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. | ||||
| CVE-2024-3976 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users. | ||||
| CVE-2024-2878 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | ||||
| CVE-2023-6386 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 6.5 Medium |
| A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation. | ||||
| CVE-2024-1539 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. | ||||
| CVE-2024-6356 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 4.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | ||||
| CVE-2024-1211 | 1 Gitlab | 1 Gitlab | 2025-01-31 | 6.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider. | ||||
| CVE-2023-2182 | 1 Gitlab | 1 Gitlab | 2025-01-30 | 6.8 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. | ||||
| CVE-2023-2069 | 1 Gitlab | 1 Gitlab | 2025-01-30 | 6.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. | ||||
| CVE-2023-1204 | 1 Gitlab | 1 Gitlab | 2025-01-30 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | ||||
| CVE-2023-1265 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. | ||||
| CVE-2023-1836 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 4.4 Medium |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances | ||||
| CVE-2023-1965 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 6.8 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default. | ||||
| CVE-2023-2478 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 9.6 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | ||||
| CVE-2025-0290 | 1 Gitlab | 1 Gitlab | 2025-01-28 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. | ||||
| CVE-2023-2181 | 1 Gitlab | 1 Gitlab | 2025-01-24 | 6.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. | ||||
| CVE-2023-2825 | 1 Gitlab | 1 Gitlab | 2025-01-15 | 10 Critical |
| An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | ||||
| CVE-2024-5469 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 3.1 Low |
| DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | ||||
| CVE-2024-4011 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 3.1 Low |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. | ||||
| CVE-2024-6324 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. | ||||