Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0861
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contr...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2024-1451
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing malicious users to perform arbitrary actions on behalf of victims."...
Gitlab Gitlab 16.9.0
NA
CVE-2024-1525
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their pas...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2023-3509
An issue has been discovered in GitLab affecting all versions prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible ...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2024-1250
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege...
Gitlab Gitlab
NA
CVE-2023-6564
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role wer...
Gitlab Gitlab 16.4.3
Gitlab Gitlab 16.5.3
Gitlab Gitlab 16.6.1
NA
CVE-2024-1066
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 which allows an malicious user to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Gitlab Gitlab
NA
CVE-2023-6736
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for an malicious user to cause a client-side denial of service us...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2023-6840
An issue has been discovered in GitLab EE affecting all versions from 16.4 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Gitlab Gitlab
NA
CVE-2023-5612
An issue has been discovered in GitLab affecting all versions prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »