Filtered by vendor Gitlab
Total: 1037 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-2015 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.1 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports, which allows attackers to perform arbitrary actions on behalf of victims.
CVE-2023-0523 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.1 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
CVE-2023-1936 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.
CVE-2023-2589 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.3 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.
CVE-2018-17454 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2019-14944 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.
CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 3.8 LOW | An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342.
CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
CVE-2023-0508 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.
CVE-2023-0326 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in the GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers were leaked in vulnerability report evidence.
CVE-2023-1204 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request to the user update settings.
CVE-2023-1071 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permission checks it was possible for an unauthorised user to remove an issue from an epic.
CVE-2023-0756 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 8.0 HIGH | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems.
CVE-2023-1733 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 7.5 HIGH | A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
CVE-2023-0319 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.3 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing environment names that are supposed to be restricted to project members only to be read.
CVE-2018-17536 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2023-1621 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.5 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.
CVE-2023-2013 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
CVE-2018-17453 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2023-2182 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 8.8 HIGH | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users, thus leading to privilege escalation for those users.