Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-12825
Unauthorized Access to the Container Registry of other groups exists in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, ...
Gitlab Gitlab 12.0.0
Gitlab Gitlab
NA
CVE-2023-3906
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1, allowed an authenticated malicious user to craft image urls which bypass the asset proxy.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
NA
CVE-2023-3909
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. A Regular Expression Denial of Service was possible by adding a large string i...
Gitlab Gitlab
Gitlab Gitlab 16.5.0
NA
CVE-2023-3914
A business logic error in GitLab EE affecting all versions before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
NA
CVE-2023-3917
Denial of Service in pipelines affecting all versions of Gitlab EE and CE before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows malicious user to cause pipelines to fail.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
NA
CVE-2023-3246
An issue has been discovered in GitLab EE/CE affecting all versions starting prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1 which allows an malicious users to block Sidekiq job processor.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
4.3
CVSSv2
CVE-2022-2281
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
Gitlab Gitlab 15.1.0
Gitlab Gitlab
NA
CVE-2022-2326
An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. It may be possible to gain access to a private project through an email invite by using other use...
Gitlab Gitlab
Gitlab Gitlab 15.2
NA
CVE-2023-5825
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and...
Gitlab Gitlab
Gitlab Gitlab 16.5.0
NA
CVE-2023-5831
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, and all versions starting from 16.5.0 prior to 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected ...
Gitlab Gitlab
Gitlab Gitlab 16.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »