Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0231 | 1 Gitlab | 1 Gitlab | 2024-09-11 | N/A | 2.7 LOW |
| A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits. | |||||
| CVE-2024-7057 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. | |||||
| CVE-2024-7091 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 5.0 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. | |||||
| CVE-2024-7060 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | |||||
| CVE-2024-5067 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 4.9 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. | |||||
| CVE-2023-7028 | 1 Gitlab | 1 Gitlab | 2024-09-03 | N/A | 9.8 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | |||||
| CVE-2024-6595 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 5.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | |||||
| CVE-2024-6323 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 7.5 HIGH |
| Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. | |||||
| CVE-2024-5469 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 4.3 MEDIUM |
| DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | |||||
| CVE-2024-4011 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. | |||||
| CVE-2024-3115 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat. | |||||
| CVE-2024-3114 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | |||||
| CVE-2024-1963 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. | |||||
| CVE-2024-1736 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files. | |||||
| CVE-2024-1495 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file. | |||||
| CVE-2024-1493 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server | |||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 5.3 MEDIUM |
| An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | |||||
| CVE-2024-3035 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 8.1 HIGH |
| A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | |||||
| CVE-2024-3958 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | |||||
| CVE-2024-7610 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 6.5 MEDIUM |
| A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. | |||||