Vulmon
gitlab vulnerabilities and exploits
NA
CVE-2023-5207
A vulnerability exists in GitLab CE and EE affecting all versions starting 16.0 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
NA
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all versions from 11.3 before 15.4.6, 15.5 before 15.5.5, and 15.6 before 15.6.1 allows a malicious user to connect to local addresses when configuring a malicious GitLab Runner.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
NA
CVE-2022-4205
In GitLab EE/CE prior to 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
NA
CVE-2024-0402
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
1 Github repository
NA
CVE-2024-0410
An authorization bypass vulnerability exists in GitLab affecting versions 15.1 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Gitlab Gitlab 16.9.0
Gitlab Gitlab
NA
CVE-2024-0456
An authorization vulnerability exists in GitLab versions 14.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 before 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Gitlab Gitlab
Gitlab Gitlab 16.1.0
NA
CVE-2023-4630
An issue has been discovered in GitLab affecting all versions starting from 10.6 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1 in which any user can read limited information about any project's imports.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
NA
CVE-2022-2497
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. A malicious developer could exfiltrate an integration's access token by m...
Gitlab Gitlab
Gitlab Gitlab 15.2
NA
CVE-2022-2500
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows malicious users to perform arbitrary actions on behalf of victims at client side...
Gitlab Gitlab
Gitlab Gitlab 15.2