Vulmon
gitlab gitlab vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-9756
An issue exists in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x prior to 11.6.10, 11.7.x prior to 11.7.6, and 11.8.x prior to 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
Gitlab Gitlab
9.8
CVSSv3
CVE-2019-9217
An issue exists in GitLab Community and Enterprise Edition prior to 11.6.10, 11.7.x prior to 11.7.6, and 11.8.x prior to 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
Gitlab Gitlab
9.8
CVSSv3
CVE-2018-18641
An issue exists in GitLab Community and Enterprise Edition prior to 11.2.7, 11.3.x prior to 11.3.8, and 11.4.x prior to 11.4.3. It has Cleartext Storage of Sensitive Information.
Gitlab Gitlab
9.8
CVSSv3
CVE-2018-18649
An issue exists in the wiki API in GitLab Community and Enterprise Edition prior to 11.2.7, 11.3.x prior to 11.3.8, and 11.4.x prior to 11.4.3. It allows for remote code execution.
Gitlab Gitlab
1 Github repository
9.8
CVSSv3
CVE-2018-16049
An issue exists in GitLab Community and Enterprise Edition prior to 11.0.6, 11.1.x prior to 11.1.5, and 11.2.x prior to 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
Gitlab Gitlab
9.8
CVSSv3
CVE-2018-14364
GitLab Community and Enterprise Edition prior to 10.7.7, 10.8.x prior to 10.8.6, and 11.x prior to 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
Gitlab Gitlab
9.8
CVSSv3
CVE-2018-8971
The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Gitlab Gitlab
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-0916
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through the web hook component, resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
9.6
CVSSv3
CVE-2020-13292
In GitLab prior to 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
Gitlab Gitlab