gitlab gitlab vulnerabilities and exploits
CVE-2024-5469
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 before 16.10.6 and 16.11.0 before 16.11.3 allows a malicious user to crash KAS via crafted gRPC requests.
CVE-2024-4201
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 16.10.7, all versions starting from 16.11 prior to 16.11.4, all versions starting from 17.0 prior to 17.0.2. When viewing an XML file in a repository in raw mode, it can ...
CVE-2024-1963
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 before 16.10.7, starting from 16.11 before 16.11.4, and starting from 17.0 before 17.0.2. A vulnerability in GitLab's Asana integration allowed a malicious user to potentially cause a regu...
CVE-2024-1736
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.7, starting from 16.11 before 16.11.4, and starting from 17.0 before 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously craft...
CVE-2024-1495
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 before 16.10.7, starting from 16.11 before 16.11.4, and starting from 17.0 before 17.0.2. It was possible for a malicious user to cause a denial of service using a maliciously crafted file.
CVE-2024-5318
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 before 16.10.6, starting from 16.11 before 16.11.3, and starting from 17.0 before 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
CVE-2023-6502
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions prior to 16.10.6, version 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. It is possible for a malicious user to cause a denial of service using a crafted wiki page.
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 prior to 16.10.6, from 16.11 prior to 16.11.3, from 17.0 prior to 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
CVE-2024-1947
A denial of service (DoS) condition exists in GitLab CE/EE affecting all versions from 13.2.4 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
CVE-2024-5258
An authorization vulnerability exists within GitLab from versions 16.10 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.