Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-0921
GitLab Community and Enterprise Editions prior to 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
Gitlab Gitlab
6.8
CVSSv2
CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a ...
Gitlab Gitlab 9.2.2
Gitlab Gitlab 9.0.9
Gitlab Gitlab 9.0.2
Gitlab Gitlab 9.4.0
Gitlab Gitlab 9.0.8
Gitlab Gitlab 9.0.1
Gitlab Gitlab 9.0.6
Gitlab Gitlab 9.3.4
Gitlab Gitlab 9.1.6
Gitlab Gitlab 9.0.12
Gitlab Gitlab 9.3.6
Gitlab Gitlab 9.2.8
Gitlab Gitlab 9.1.7
Gitlab Gitlab 9.1.1
Gitlab Gitlab 9.2.4
Gitlab Gitlab 9.3.2
Gitlab Gitlab 9.0.5
Gitlab Gitlab 9.1.8
Gitlab Gitlab 9.3.1
Gitlab Gitlab 9.2.1
Gitlab Gitlab 9.0.0
Gitlab Gitlab 9.1.4
6.8
CVSSv2
CVE-2013-4580
GitLab prior to 5.4.2, Community Edition prior to 6.2.4, and Enterprise Edition prior to 6.2.1, when using a MySQL backend, allows remote malicious users to impersonate arbitrary users and bypass authentication via unspecified API calls.
Gitlab Gitlab
Gitlab Gitlab 3.0.1
Gitlab Gitlab 3.0.0
Gitlab Gitlab 2.9.1
Gitlab Gitlab 2.9.0
Gitlab Gitlab 1.2.0
Gitlab Gitlab 1.1.0
Gitlab Gitlab 1.0.2
Gitlab Gitlab 1.0.1
Gitlab Gitlab 5.3.0
Gitlab Gitlab 5.1.0
Gitlab Gitlab 4.0.0
Gitlab Gitlab 3.0.3
Gitlab Gitlab 2.8.0
Gitlab Gitlab 2.6.0
Gitlab Gitlab 2.0.0
Gitlab Gitlab 1.2.1
Gitlab Gitlab 1.0.0
Gitlab Gitlab 0.9.4
Gitlab Gitlab 5.0.1
Gitlab Gitlab 5.0.0
Gitlab Gitlab 4.2.0
6.8
CVSSv2
CVE-2013-4581
GitLab 5.0 prior to 5.4.2, Community Edition prior to 6.2.4, Enterprise Edition prior to 6.2.1 and gitlab-shell prior to 1.7.8 allows remote malicious users to execute arbitrary code via a crafted change using SSH.
Gitlab Gitlab 3.1.0
Gitlab Gitlab 3.0.3
Gitlab Gitlab 3.0.2
Gitlab Gitlab 3.0.1
Gitlab Gitlab 2.1.0
Gitlab Gitlab 2.0.0
Gitlab Gitlab 1.2.2
Gitlab Gitlab 1.2.1
Gitlab Gitlab 1.2.0
Gitlab Gitlab 6.1.0
Gitlab Gitlab 6.0.0
Gitlab Gitlab 5.4.1
Gitlab Gitlab 5.0.1
Gitlab Gitlab 4.2.0
Gitlab Gitlab 4.0.0
Gitlab Gitlab 3.0.0
Gitlab Gitlab 2.9.0
Gitlab Gitlab 2.3.1
Gitlab Gitlab 2.2.0
Gitlab Gitlab 1.0.2
Gitlab Gitlab 1.0.0
Gitlab Gitlab
6.5
CVSSv2
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. When group SAML SSO is configured, the SCIM feature (availabl...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
6.5
CVSSv2
CVE-2022-1423
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 allows a malicious actor with Developer privileges to perform ...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
6.5
CVSSv2
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an malicious user to trigger Server Side Request Forgery (SSRF) attacks.
Gitlab Gitlab
6.5
CVSSv2
CVE-2021-39937
A collision in access memoization logic in all versions of GitLab CE/EE prior to 14.3.6, all versions starting from 14.4 prior to 14.4.4, all versions starting from 14.5 prior to 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
Gitlab Gitlab
6.5
CVSSv2
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
Gitlab Gitlab
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »