gitlab gitlab vulnerabilities and exploits
9.1
CVSSv3
CVE-2022-0249
A vulnerability exists in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
Gitlab Gitlab
9.1
CVSSv3
CVE-2021-42091
An issue exists in Zammad prior to 4.1.1. SSRF can occur via GitHub or GitLab integration.
Zammad Zammad
9.1
CVSSv3
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
9.1
CVSSv3
CVE-2020-10083
GitLab 12.7 up to and including 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
Gitlab Gitlab
9.1
CVSSv3
CVE-2019-7353
An Incorrect Access Control issue exists in GitLab Community and Enterprise Edition 11.7.x prior to 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.
Gitlab Gitlab
9.1
CVSSv3
CVE-2019-5883
An Incorrect Access Control issue exists in GitLab Community and Enterprise Edition 6.0 and later but prior to 11.3.11, 11.4.x prior to 11.4.8, and 11.5.x prior to 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to...
Gitlab Gitlab
9.1
CVSSv3
CVE-2019-9890
An issue exists in GitLab Community and Enterprise Edition 10.x and 11.x prior to 11.6.10, 11.7.x prior to 11.7.6, and 11.8.x prior to 11.8.1. It has Insecure Permissions.
Gitlab Gitlab
9
CVSSv3
CVE-2023-43656
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is pos...
Matrix Hookshot
9
CVSSv3
CVE-2022-3726
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 allows a malicious user to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim'...
Gitlab Gitlab
8.8
CVSSv3
CVE-2023-5356
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab