Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Filtered by product Gitlab
Total 1034 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1417 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
CVE-2023-1401 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.0 MEDIUM
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.
CVE-2023-1279 1 Gitlab 1 Gitlab 2024-11-21 N/A 2.6 LOW
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.
CVE-2023-1265 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.4 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
CVE-2023-1210 1 Gitlab 1 Gitlab 2024-11-21 N/A 3.1 LOW
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.
CVE-2023-1204 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
CVE-2023-1178 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.7 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
CVE-2023-1167 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.3 MEDIUM
Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.
CVE-2023-1098 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.8 MEDIUM
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.
CVE-2023-1084 1 Gitlab 1 Gitlab 2024-11-21 N/A 2.7 LOW
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.
CVE-2023-1072 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.
CVE-2023-1071 1 Gitlab 1 Gitlab 2024-11-21 N/A 3.1 LOW
An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.
CVE-2023-0989 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
CVE-2023-0921 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
CVE-2023-0838 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.5 MEDIUM
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
CVE-2023-0805 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.9 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.
CVE-2023-0756 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.8 MEDIUM
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.
CVE-2023-0632 1 Gitlab 1 Gitlab 2024-11-21 N/A 6.5 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.
CVE-2023-0523 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.4 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
CVE-2023-0518 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.