Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6477
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. When a user is assigned a custom role with admin_group_member permission, they ma...
Gitlab Gitlab
Gitlab Gitlab 16.9.0
NA
CVE-2024-1451
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing malicious users to perform arbitrary actions on behalf of victims."...
Gitlab Gitlab 16.9.0
NA
CVE-2023-3509
An issue has been discovered in GitLab affecting all versions prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible ...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2024-1250
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege...
Gitlab Gitlab
NA
CVE-2023-6564
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role wer...
Gitlab Gitlab 16.4.3
Gitlab Gitlab 16.5.3
Gitlab Gitlab 16.6.1
NA
CVE-2024-1066
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 which allows an malicious user to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Gitlab Gitlab
NA
CVE-2023-6736
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for an malicious user to cause a client-side denial of service us...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2023-6840
An issue has been discovered in GitLab EE affecting all versions from 16.4 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Gitlab Gitlab
NA
CVE-2023-5612
An issue has been discovered in GitLab affecting all versions prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2023-6159
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1 It was possible for an malicious user to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »