Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5356
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 prior to 16.5.6, all versions starting from 16.6 prior to 16.6.4, all versions starting from 16.7 prior to 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as...
Gitlab Gitlab 16.7.0
Gitlab Gitlab 16.7.1
Gitlab Gitlab
1 Article
NA
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2 in which user account password reset emails could be delivered t...
Gitlab Gitlab
16 Github repositories
4 Articles
NA
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access...
Redhat Red Hat Developer Hub
Linuxfoundation Backstage
NA
CVE-2023-3907
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 before 16.4.4, 16.5 before 16.5.4, and 16.6 before 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner
Gitlab Gitlab
NA
CVE-2023-6680
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 before 16.4.4, 16.5 before 16.5.4, and 16.6 before 16.6.2 allows an malicious user to authenticate as another user given their public key if they use Smartcard authe...
Gitlab Gitlab
NA
CVE-2023-6051
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a spe...
Gitlab Gitlab
NA
CVE-2023-3511
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. It was possible for auditor users to fork and submit merge requests to private pr...
Gitlab Gitlab
NA
CVE-2023-5512
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names le...
Gitlab Gitlab
NA
CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. In certain situations, it may have been possible for developers to override predefine...
Gitlab Gitlab
NA
CVE-2023-3904
An issue has been discovered in GitLab EE affecting all versions starting prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in th...
Gitlab Gitlab
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »