Filtered by vendor Gitlab
Subscribe
Total
1047 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8977 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 8.1 HIGH |
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. | |||||
CVE-2024-9596 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance. | |||||
CVE-2024-9623 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 6.5 MEDIUM |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | |||||
CVE-2024-6530 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 5.4 MEDIUM |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. | |||||
CVE-2024-1066 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay` | |||||
CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 2.7 LOW |
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | |||||
CVE-2023-4647 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | |||||
CVE-2023-3246 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor. | |||||
CVE-2023-2485 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.9 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | |||||
CVE-2023-2030 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. | |||||
CVE-2023-1825 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | |||||
CVE-2023-1401 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | |||||
CVE-2023-0921 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.3 MEDIUM |
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | |||||
CVE-2023-0121 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 7.5 HIGH |
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | |||||
CVE-2023-3205 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. | |||||
CVE-2023-3210 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. | |||||
CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 5.3 MEDIUM |
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | |||||
CVE-2023-3444 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches. | |||||
CVE-2023-3906 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 3.5 LOW |
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | |||||
CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 8.8 HIGH |
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner |