Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-5106
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 before 16.2.8, 16.3.0 before 16.3.5, and 16.4.0 before 16.4.1 that could allow an malicious user to impersonate users in CI pipelines through direct transfer group imports.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
5.3
CVSSv3
CVE-2023-4018
An issue has been discovered in GitLab affecting all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-1352
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public p...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2022-1406
Improper input validation in GitLab CE/EE affecting all versions from 8.12 before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project
Gitlab Gitlab 14.10.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2022-1413
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface
Gitlab Gitlab 14.10.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2022-1416
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 allows for rendering of attacker controlled HTML tags and C...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 prior to 14.8.6, all versions starting from 14.9 prior to 14.9.4, and all versions starting from 14.10 prior to 14.10.1 allows non-project members to access contents of Project Members-only Wikis vi...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
8.8
CVSSv3
CVE-2022-1423
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 allows a malicious actor with Developer privileges to perform ...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2024-1525
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their pas...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2023-6736
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for an malicious user to cause a client-side denial of service us...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »