Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5005 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API. | ||||
| CVE-2024-2434 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.5 High |
| An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. | ||||
| CVE-2024-2829 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | ||||
| CVE-2024-4006 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions | ||||
| CVE-2024-4024 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.3 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. | ||||
| CVE-2024-2454 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request. | ||||
| CVE-2023-6682 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server. | ||||
| CVE-2023-6688 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server. | ||||
| CVE-2024-12292 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs. | ||||
| CVE-2024-11274 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.7 High |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration. | ||||
| CVE-2024-10043 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | ||||
| CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | ||||
| CVE-2024-8647 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 5.4 Medium |
| An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | ||||
| CVE-2024-8233 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request. | ||||
| CVE-2024-8179 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. | ||||
| CVE-2023-6371 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2024-2818 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels. | ||||
| CVE-2024-1299 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges. | ||||
| CVE-2024-0199 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 7.7 High |
| An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions. | ||||
| CVE-2023-6678 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file. | ||||