Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 before 15.8.5, 15.9 before 15.9.4 and 15.10 before 15.10.1 allows an malicious user to view the count of internal notes for a given issue.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
4.6
CVSSv3
CVE-2023-0450
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-2095
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1 allows a malicious authenticated user to view a public project's Deplo...
Gitlab Gitlab
Gitlab Gitlab 15.2
5.5
CVSSv3
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing t...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
6.1
CVSSv3
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later up to and including 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.8
CVSSv3
CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later up to and including 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5.3
CVSSv3
CVE-2020-13265
User email verification bypass in GitLab CE/EE 12.5 and later up to and including 13.0.1 allows user to bypass email verification
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.8
CVSSv3
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later up to and including 13.0.1 allows unverified user to use OAuth authorization code flow
Gitlab Gitlab
Gitlab Gitlab 13.0.0
7.5
CVSSv3
CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »