Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1947
A denial of service (DoS) condition exists in GitLab CE/EE affecting all versions from 13.2.4 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
NA
CVE-2023-6502
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions prior to 16.10.6, version 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. It is possible for an malicious user to cause a denial of service using a crafted wiki page.
NA
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 prior to 16.10.6, from 16.11 prior to 16.11.3, from 17.0 prior to 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
NA
CVE-2024-5258
An authorization vulnerability exists within GitLab from versions 16.10 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
NA
CVE-2024-2874
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.6, version 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
NA
CVE-2024-4835
A XSS condition exists within GitLab in versions 15.11 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
NA
CVE-2024-4539
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 16.9.7, starting from 16.10 before 16.10.5, and starting from 16.11 before 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.
NA
CVE-2024-4597
An issue has been discovered in GitLab EE affecting all versions from 16.7 prior to 16.9.7, all versions starting from 16.10 prior to 16.10.5, all versions starting from 16.11 prior to 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.
NA
CVE-2024-2651
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.9.7, all versions starting from 16.10 prior to 16.10.5, all versions starting from 16.11 prior to 16.11.2. It was possible for an malicious user to cause a denial of service using maliciously crafted ...
NA
CVE-2024-2454
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 16.9.7, starting from 16.10 before 16.10.5, and starting from 16.11 before 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »