Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-6564
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role wer...
Gitlab Gitlab 16.4.3
Gitlab Gitlab 16.5.3
Gitlab Gitlab 16.6.1
4.3
CVSSv3
CVE-2022-1821
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. It may be possible for a subgroup member to access the members list of their...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
5.4
CVSSv3
CVE-2022-1940
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 before 14.9.5, 14.10 before 14.10.4, and 15.0 before 15.0.1 allows an malicious user to execute arbitrary JavaScript code in GitLab on a victim's behalf via special...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
2.7
CVSSv3
CVE-2022-1981
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1983
Incorrect authorization in GitLab EE affecting all versions from 10.7 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even w...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1545
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1 if an unauthorised project member was tagged in the note.
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-0120
An issue has been discovered in GitLab affecting all versions starting from 10.0 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. Due to improper permission validation it was possible to edit labels description by ...
Gitlab Gitlab 16.3.0
Gitlab Gitlab
3.5
CVSSv3
CVE-2023-3906
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1, allowed an authenticated malicious user to craft image urls which bypass the asset proxy.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
6.5
CVSSv3
CVE-2023-3909
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. A Regular Expression Denial of Service was possible by adding a large string i...
Gitlab Gitlab
Gitlab Gitlab 16.5.0
5.3
CVSSv3
CVE-2023-3914
A business logic error in GitLab EE affecting all versions before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »