Filtered by vendor Gitlab
Subscriptions
Total
1104 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8977 | 1 Gitlab | 1 Gitlab | 2024-10-16 | 8.2 High |
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. | ||||
CVE-2024-9596 | 1 Gitlab | 1 Gitlab | 2024-10-16 | 3.7 Low |
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance. | ||||
CVE-2024-9623 | 1 Gitlab | 1 Gitlab | 2024-10-16 | 4.9 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | ||||
CVE-2024-6530 | 1 Gitlab | 1 Gitlab | 2024-10-16 | 7.3 High |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. | ||||
CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 5.5 Medium |
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | ||||
CVE-2024-4099 | 1 Gitlab | 1 Gitlab | 2024-10-04 | 3.1 Low |
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection. | ||||
CVE-2024-8974 | 1 Gitlab | 1 Gitlab | 2024-10-04 | 2.6 Low |
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project." | ||||
CVE-2024-4283 | 1 Gitlab | 1 Gitlab | 2024-09-24 | 6.4 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. | ||||
CVE-2024-6685 | 1 Gitlab | 1 Gitlab | 2024-09-24 | 3.1 Low |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. | ||||
CVE-2024-2800 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 6.5 Medium |
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking. | ||||
CVE-2024-4207 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 4.4 Medium |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | ||||
CVE-2024-8754 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured. | ||||
CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. | ||||
CVE-2024-3958 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 5.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | ||||
CVE-2024-3035 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.8 Medium |
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | ||||
CVE-2024-8041 | 1 Gitlab | 1 Gitlab | 2024-09-11 | 6.5 Medium |
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. | ||||
CVE-2024-6502 | 1 Gitlab | 1 Gitlab | 2024-09-11 | 5.7 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. | ||||
CVE-2024-3114 | 1 Gitlab | 1 Gitlab | 2024-08-30 | 4.3 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | ||||
CVE-2024-7610 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.3 Medium |
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. | ||||
CVE-2024-7554 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.9 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner. |