Filtered by vendor Gitlab
Subscriptions
Total
1173 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | ||||
| CVE-2024-8647 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 5.4 Medium |
| An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | ||||
| CVE-2024-8233 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request. | ||||
| CVE-2024-8179 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. | ||||
| CVE-2024-2818 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels. | ||||
| CVE-2024-1299 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges. | ||||
| CVE-2022-4143 | 1 Gitlab | 1 Gitlab | 2024-12-03 | 6.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization | ||||
| CVE-2023-2232 | 1 Gitlab | 1 Gitlab | 2024-11-27 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix | ||||
| CVE-2024-9693 | 1 Gitlab | 1 Gitlab | 2024-11-26 | 8.5 High |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations. | ||||
| CVE-2024-8641 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.7 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim. | ||||
| CVE-2024-8640 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.5 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server. | ||||
| CVE-2024-8635 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL | ||||
| CVE-2024-8631 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 Medium |
| A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles. | ||||
| CVE-2024-8311 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template. | ||||
| CVE-2024-8124 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request. | ||||
| CVE-2024-7091 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.1 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. | ||||
| CVE-2024-7060 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | ||||
| CVE-2024-7057 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. | ||||
| CVE-2024-7047 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user. | ||||
| CVE-2024-6678 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | ||||