Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5933
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2023-5963
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 before 16.4.2 and 16.5 before 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
NA
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2023-1787
An issue has been discovered in GitLab affecting all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2018-17536
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the merge request page via project import.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17537
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 before 15.4.6, 15.5 before 15.5.5, and 15.6 before 15.6.1 which exposes user email id through webhook payload.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
NA
CVE-2023-5106
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 before 16.2.8, 16.3.0 before 16.3.5, and 16.4.0 before 16.4.1 that could allow an malicious user to impersonate users in CI pipelines through direct transfer group imports.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »