Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by malicious users to exploit Server Side Request Forgery attacks.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.3
CVSSv3
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
7.7
CVSSv3
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD var...
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.1
CVSSv3
CVE-2022-2326
An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. It may be possible to gain access to a private project through an email invite by using other use...
Gitlab Gitlab
Gitlab Gitlab 15.2
4.3
CVSSv3
CVE-2022-1124
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1428
An issue has been discovered in GitLab affecting all versions prior to 14.8.6, all versions starting from 14.9 prior to 14.9.4, all versions starting from 14.10 prior to 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted ...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-2095
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1 allows a malicious authenticated user to view a public project's Deplo...
Gitlab Gitlab
Gitlab Gitlab 15.2
7.5
CVSSv3
CVE-2023-5106
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 before 16.2.8, 16.3.0 before 16.3.5, and 16.4.0 before 16.4.1 that could allow an malicious user to impersonate users in CI pipelines through direct transfer group imports.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
9.8
CVSSv3
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 prior to 13.8.7, all versions starting from 13.9 prior to 13.9.5, and all versions starting from 13.10 prior to 13.10.1. A specially crafted Wiki page allowed malicious users to read arbitrar...
Gitlab Gitlab
Gitlab Gitlab 13.10.0
5.3
CVSSv3
CVE-2022-4143
An issue has been discovered in GitLab affecting all versions starting from 15.7 prior to 15.8.5, from 15.9 prior to 15.9.4, and from 15.10 prior to 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization
Gitlab Gitlab 15.10.0
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
NEXT »