Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-13333
A potential DOS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
Gitlab Gitlab 13.1.0
Gitlab Gitlab 13.2.0
Gitlab Gitlab 13.3.0
5.3
CVSSv3
CVE-2023-0319
An issue has been discovered in GitLab affecting all versions starting from 13.6 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1, allowing to read environment names supposed to be restricted to project memebers o...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
4.6
CVSSv3
CVE-2023-0450
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
6.1
CVSSv3
CVE-2023-0523
An issue has been discovered in GitLab affecting all versions starting from 15.6 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1. An XSS was possible via a malicious email address for certain instances.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
6.4
CVSSv3
CVE-2022-3902
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
2.7
CVSSv3
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later up to and including 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5.3
CVSSv3
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 before 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Gitlab Gitlab
Gitlab Gitlab 16.1.0
6.7
CVSSv3
CVE-2023-6477
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. When a user is assigned a custom role with admin_group_member permission, they ma...
Gitlab Gitlab
Gitlab Gitlab 16.9.0
4.3
CVSSv3
CVE-2023-4895
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings t...
Gitlab Gitlab
Gitlab Gitlab 16.9.0
6.5
CVSSv3
CVE-2023-4912
An issue has been discovered in GitLab EE affecting all versions starting from 10.5 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for an malicious user to cause a client-side denial of service us...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »