ReportizFlow
Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2907 | 1 Gitlab | 1 Gitlab | 2025-04-04 | 5.7 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link. | ||||
| CVE-2022-4054 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. | ||||
| CVE-2022-3902 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. | ||||
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | ||||
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 9.3 Critical |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | ||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | ||||
| CVE-2022-4092 | 1 Gitlab | 1 Gitlab | 2025-04-01 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. | ||||
| CVE-2024-10307 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 4.3 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. | ||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 5.2 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | ||||
| CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 4.3 Medium |
| A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | ||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 6.3 Medium |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | ||||
| CVE-2022-4201 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 3.5 Low |
| A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | ||||
| CVE-2022-4255 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 4.3 Medium |
| An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. | ||||
| CVE-2025-2867 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 4.4 Medium |
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | ||||
| CVE-2025-2242 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 7.5 High |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. | ||||
| CVE-2025-2255 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 8.7 High |
| An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. | ||||
| CVE-2024-9773 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 3.7 Low |
| An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. | ||||
| CVE-2025-0811 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. | ||||