Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0861
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contr...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
NA
CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.5
CVSSv2
CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an malicious user to trigger Server Side Request Forgery (SSRF) attacks.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
4
CVSSv2
CVE-2021-39868
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
4.3
CVSSv2
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
4
CVSSv2
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
4.3
CVSSv2
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by malicious users to trick users into visiting a malicious website by spoofing the content in an error response.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5
CVSSv2
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5
CVSSv2
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »