Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2022-1124
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Gitlab Gitlab 14.10.0
Gitlab Gitlab
NA
CVE-2023-4018
An issue has been discovered in GitLab affecting all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
356
VMScore
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later up to and including 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
Gitlab Gitlab
Gitlab Gitlab 13.0.0
383
VMScore
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later up to and including 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Gitlab Gitlab
Gitlab Gitlab 13.0.0
578
VMScore
CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later up to and including 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
445
VMScore
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later up to and including 13.0.1 allows other group maintainers to view Kubernetes cluster token
Gitlab Gitlab
Gitlab Gitlab 13.0.0
578
VMScore
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later up to and including 13.0.1 allows unverified user to use OAuth authorization code flow
Gitlab Gitlab
Gitlab Gitlab 13.0.0
445
VMScore
CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
490
VMScore
CVE-2020-13275
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
356
VMScore
CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »