Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-13333
A potential DOS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
Gitlab Gitlab 13.1.0
Gitlab Gitlab 13.2.0
Gitlab Gitlab 13.3.0
NA
CVE-2023-4700
An authorization issue affecting GitLab EE affecting all versions from 14.7 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
668
VMScore
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 prior to 13.8.7, all versions starting from 13.9 prior to 13.9.5, and all versions starting from 13.10 prior to 13.10.1. A specially crafted Wiki page allowed malicious users to read arbitrar...
Gitlab Gitlab
Gitlab Gitlab 13.10.0
490
VMScore
CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an malicious user to trigger Server Side Request Forgery (SSRF) attacks.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
187
VMScore
CVE-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to infor...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
445
VMScore
CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
Gitlab Gitlab
Gitlab Gitlab 13.0.0
445
VMScore
CVE-2021-39908
In all versions of GitLab CE/EE starting from 0.8.0 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
312
VMScore
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an malicious user to bypass CODEOWNE...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
NA
CVE-2023-3246
An issue has been discovered in GitLab EE/CE affecting all versions starting prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1 which allows an malicious users to block Sidekiq job processor.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
445
VMScore
CVE-2022-1413
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface
Gitlab Gitlab 14.10.0
Gitlab Gitlab
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »