Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab 16.4.0 vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
Hashicorp Consul
Hashicorp Consul 1.1.0
7.5
CVSSv3
CVE-2023-4379
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.5
CVSSv3
CVE-2023-5106
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 before 16.2.8, 16.3.0 before 16.3.5, and 16.4.0 before 16.4.1 that could allow an malicious user to impersonate users in CI pipelines through direct transfer group imports.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
8.8
CVSSv3
CVE-2023-5207
A vulnerability exists in GitLab CE and EE affecting all versions starting 16.0 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.5
CVSSv3
CVE-2023-3413
An issue has been discovered in GitLab affecting all versions starting from 16.2 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible to read the source code of a project through a fork created before c...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.1
CVSSv3
CVE-2023-3922
An issue has been discovered in GitLab affecting all versions starting from 8.15 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious pag...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-5198
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 prior to 16.3.5, and all versions starting from 16.4 prior to 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
3.5
CVSSv3
CVE-2023-3906
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1, allowed an authenticated malicious user to craft image urls which bypass the asset proxy.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.5
CVSSv3
CVE-2023-3917
Denial of Service in pipelines affecting all versions of Gitlab EE and CE before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows malicious user to cause pipelines to fail.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-3920
An issue has been discovered in GitLab affecting all versions starting from 11.2 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible that a maintainer to create a fork relationship between existing pro...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »