Vulmon
gitlab gitlab vulnerabilities and exploits
5
CVSSv2
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenti...
Gitlab Gitlab 8.13.0
Gitlab Gitlab 8.13.1
Gitlab Gitlab 8.14.0
Gitlab Gitlab 8.14.1
Gitlab Gitlab 8.13.4
Gitlab Gitlab 8.13.5
Gitlab Gitlab 8.13.2
Gitlab Gitlab 8.13.3
Gitlab Gitlab 8.13.6
Gitlab Gitlab 8.13.7
Gitlab Gitlab 8.14.2
6.5
CVSSv2
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell prior to 1.7.3, as used in GitLab 5.0 prior to 5.4.1 and 6.x prior to 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Gitlab Gitlab 6.0.0
Gitlab Gitlab 6.2.0
Gitlab Gitlab 5.2.0
Gitlab Gitlab 5.0.1
Gitlab Gitlab-shell
Gitlab Gitlab-shell 1.4.0
Gitlab Gitlab-shell 1.2.0
Gitlab Gitlab-shell 1.7.1
Gitlab Gitlab-shell 1.7.0
Gitlab Gitlab-shell 1.6.0
Gitlab Gitlab-shell 1.5.0
Gitlab Gitlab 6.2.1
Gitlab Gitlab 6.2.2
Gitlab Gitlab 5.4.0
Gitlab Gitlab 5.3.0
Gitlab Gitlab-shell 1.0.4
Gitlab Gitlab 6.1.0
Gitlab Gitlab 5.1.0
Gitlab Gitlab 5.0.0
Gitlab Gitlab-shell 1.3.0
Gitlab Gitlab-shell 1.1.0
1 EDB exploit
6.5
CVSSv2
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 prior to 5.4.1 and 6.x prior to 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
Gitlab Gitlab 6.0.0
Gitlab Gitlab 6.1.0
Gitlab Gitlab 5.4.0
Gitlab Gitlab 6.2.0
Gitlab Gitlab 6.2.2
Gitlab Gitlab 5.3.0
Gitlab Gitlab 6.2.1
Gitlab Gitlab 5.2.0
4.3
CVSSv2
CVE-2017-0923
GitLab Community Edition version 9.1 is vulnerable to a lack of input validation in the IPython notebooks component, resulting in persistent cross-site scripting.
Gitlab Gitlab 10.1.5
Gitlab Gitlab 10.2.5
Gitlab Gitlab 10.3.3
Gitlab Gitlab 9.5.10
NA
CVE-2023-5356
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
1 Article
NA
CVE-2023-6955
An improper access control vulnerability exists in GitLab Remote Development affecting all versions before 16.5.6, 16.6 before 16.6.4 and 16.7 before 16.7.2. This condition allows a malicious user to create a workspace in one group that is associated with an agent from another g...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
7.5
CVSSv2
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
Gitlab Gitlab 14.3.1
NA
CVE-2023-2030
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
NA
CVE-2023-4812
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previou...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
4
CVSSv2
CVE-2020-13333
A potential DoS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
Gitlab Gitlab 13.1.0
Gitlab Gitlab 13.2.0
Gitlab Gitlab 13.3.0