Vulmon
gitlab gitlab vulnerabilities and exploits
4
CVSSv2
CVE-2020-13333
A potential DoS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
Gitlab Gitlab 13.1.0
Gitlab Gitlab 13.2.0
Gitlab Gitlab 13.3.0
NA
CVE-2023-4912
An issue has been discovered in GitLab EE affecting all versions starting from 10.5 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for a malicious user to cause a client-side denial of service us...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
4
CVSSv2
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge ...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
2.1
CVSSv2
CVE-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to infor...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5
CVSSv2
CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
4
CVSSv2
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
5
CVSSv2
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
7.5
CVSSv2
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 prior to 13.8.7, all versions starting from 13.9 prior to 13.9.5, and all versions starting from 13.10 prior to 13.10.1. A specially crafted Wiki page allowed malicious users to read arbitrar...
Gitlab Gitlab
Gitlab Gitlab 13.10.0
5.8
CVSSv2
CVE-2022-0283
An issue has been discovered affecting GitLab versions before 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to an attacker-specified URL.
Gitlab Gitlab
Gitlab Gitlab 14.7
4.3
CVSSv2
CVE-2022-0344
An issue has been discovered in GitLab affecting all versions starting from 10.0 prior to 14.5.4, all versions starting from 10.1 prior to 14.6.4, all versions starting from 10.2 prior to 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when a...
Gitlab Gitlab
Gitlab Gitlab 14.7.0