Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry toke...
Gitlab Gitlab 16.3.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2023-4379
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-4532
An issue has been discovered in GitLab affecting all versions starting from 16.2 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a me...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
3.5
CVSSv3
CVE-2023-3906
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1, allowed an authenticated malicious user to craft image urls which bypass the asset proxy.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
6.5
CVSSv3
CVE-2023-3909
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. A Regular Expression Denial of Service was possible by adding a large string i...
Gitlab Gitlab
Gitlab Gitlab 16.5.0
5.3
CVSSv3
CVE-2023-3914
A business logic error in GitLab EE affecting all versions before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.2
CVSSv3
CVE-2023-3915
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. If an external user is given an owner role on any group, that external user may e...
Gitlab Gitlab 16.3.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2023-3917
Denial of Service in pipelines affecting all versions of Gitlab EE and CE before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows malicious user to cause pipelines to fail.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-3920
An issue has been discovered in GitLab affecting all versions starting from 11.2 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible that a maintainer to create a fork relationship between existing pro...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
7.1
CVSSv3
CVE-2023-3922
An issue has been discovered in GitLab affecting all versions starting from 8.15 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious pag...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »