Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0456
An authorization vulnerability exists in GitLab versions 14.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions unconditionally discovers projects that are shared with the configured owner group, allowing malicious users to configure and share a project, resulting in a crafted Pipeline being built by Jenkins duri...
Jenkins Github Branch Source
NA
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Github Branch Source
NA
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid we...
Jenkins Github Branch Source
NA
CVE-2023-6955
An improper access control vulnerability exists in GitLab Remote Development affecting all versions before 16.5.6, 16.6 before 16.6.4 and 16.7 before 16.7.2. This condition allows an malicious user to create a workspace in one group that is associated with an agent from another g...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
NA
CVE-2023-4812
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previou...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
NA
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2 in which user account password reset emails could be delivered t...
Gitlab Gitlab
16 Github repositories
3 Articles
NA
CVE-2023-5356
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
1 Article
NA
CVE-2023-2030
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
NA
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access...
Redhat Red Hat Developer Hub
Linuxfoundation Backstage
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »