gitlab gitlab vulnerabilities and exploits
10
CVSSv3
CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Gitlab Gitlab
32 Github repositories
1 Article
10
CVSSv3
CVE-2020-13300
GitLab CE/EE version 13.3 before 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
Gitlab Gitlab
10
CVSSv3
CVE-2020-5415
Concourse, versions before 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have...
Pivotal Software Concourse
10
CVSSv3
CVE-2019-9174
An issue exists in GitLab Community and Enterprise Edition prior to 11.6.10, 11.7.x prior to 11.7.6, and 11.8.x prior to 11.8.1. It allows SSRF.
Gitlab Gitlab
10
CVSSv3
CVE-2018-18843
The Kubernetes integration in GitLab Enterprise Edition 11.x prior to 11.2.8, 11.3.x prior to 11.3.9, and 11.4.x prior to 11.4.4 has SSRF.
Gitlab Gitlab
9.9
CVSSv3
CVE-2024-0402
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
1 Github repository
9.9
CVSSv3
CVE-2022-2884
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 before 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Gitlab Gitlab
1 Github repository
9.9
CVSSv3
CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 before 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Gitlab Gitlab
5 Github repositories
9.8
CVSSv3
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 prior to 16.2.7, all versions starting from 16.3 prior to 16.3.4. It was possible for a malicious user to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a ...
Gitlab Gitlab
9.8
CVSSv3
CVE-2023-4008
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 prior to 16.0.8, all versions starting from 16.1 prior to 16.1.3, all versions starting from 16.2 prior to 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random...
Gitlab Gitlab