Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv3
CVE-2022-2497
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. A malicious developer could exfiltrate an integration's access token by m...
Gitlab Gitlab
Gitlab Gitlab 15.2
9.8
CVSSv3
CVE-2022-2826
An issue has been discovered in GitLab affecting all versions starting from 10.0 prior to 12.9.8, all versions starting from 12.10 prior to 12.10.7, all versions starting from 13.0 prior to 13.0.1. TODO
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.8
CVSSv3
CVE-2018-19359
GitLab Community and Enterprise Edition 8.9 and later and prior to 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
Gitlab Gitlab 11.5.0
Gitlab Gitlab
7.2
CVSSv3
CVE-2023-3915
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. If an external user is given an owner role on any group, that external user may e...
Gitlab Gitlab 16.3.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2018-17455
An issue exists in GitLab Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge re...
Gitlab Gitlab
Gitlab Gitlab 11.3.0
4.3
CVSSv3
CVE-2022-1124
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Gitlab Gitlab 14.10.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2022-1406
Improper input validation in GitLab CE/EE affecting all versions from 8.12 before 14.8.6, all versions from 14.9.0 before 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1428
An issue has been discovered in GitLab affecting all versions prior to 14.8.6, all versions starting from 14.9 prior to 14.9.4, all versions starting from 14.10 prior to 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted ...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1545
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1 if an unauthorised project member was tagged in the note.
Gitlab Gitlab 14.10.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2023-5995
An issue has been discovered in GitLab EE affecting all versions starting from 16.2 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for an malicious user to abuse the policy bot to gain access to i...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »