Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-2233
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5 and all versions starting from 16.4 prior to 16.4.1. It allows a project reporter to leak the owner'...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-4630
An issue has been discovered in GitLab affecting all versions starting from 10.6 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1 in which any user can read limited information about any project's imports.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
4.3
CVSSv3
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5.3
CVSSv3
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5.3
CVSSv3
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
2.7
CVSSv3
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.3
CVSSv3
CVE-2021-39902
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4.3
CVSSv3
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook d...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »