Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-1545
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1 if an unauthorised project member was tagged in the note.
Gitlab Gitlab 14.10.0
Gitlab Gitlab
8.8
CVSSv3
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. When group SAML SSO is configured, the SCIM feature (availabl...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
4.9
CVSSv3
CVE-2022-0477
An issue has been discovered in GitLab affecting all versions starting from 11.9 prior to 14.5.4, all versions starting from 14.6.0 prior to 14.6.4, all versions starting from 14.7.0 prior to 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from...
Gitlab Gitlab
Gitlab Gitlab 14.7.0
4.3
CVSSv3
CVE-2022-1124
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1983
Incorrect authorization in GitLab EE affecting all versions from 10.7 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even w...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2023-5933
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
6.4
CVSSv3
CVE-2022-3902
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2023-3949
An issue has been discovered in GitLab affecting all versions starting from 11.3 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for unauthorized users to view a public projects' release descr...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
6.5
CVSSv3
CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 before 15.4.4, and 15.5 before 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in poss...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-2303
An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by usin...
Gitlab Gitlab
Gitlab Gitlab 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »