gitlab vulnerabilities and exploits
4.3
CVSSv3
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
2.7
CVSSv3
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enable...
Gitlab Gitlab
Gitlab Gitlab 15.2
6.4
CVSSv3
CVE-2022-2497
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. A malicious developer could exfiltrate an integration's access token by m...
Gitlab Gitlab
Gitlab Gitlab 15.2
7.5
CVSSv3
CVE-2022-2498
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 before 15.0.5, 15.1 before 15.1.4, and 15.2 before 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.
Gitlab Gitlab
Gitlab Gitlab 15.2
4.3
CVSSv3
CVE-2022-2499
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerabi...
Gitlab Gitlab
Gitlab Gitlab 15.2
7.5
CVSSv3
CVE-2022-2501
An improper access control issue in GitLab EE affecting all versions from 12.0 before 15.0.5, 15.1 before 15.1.4, and 15.2 before 15.2.1 allows a malicious user to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are ...
Gitlab Gitlab
Gitlab Gitlab 15.2
4.9
CVSSv3
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries ...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
2.7
CVSSv3
CVE-2022-1783
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. It may be possible for malicious group maintainers to add new members to a p...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
6.5
CVSSv3
CVE-2022-1935
Incorrect authorization in GitLab EE affecting all versions from 12.0 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from a...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
5.4
CVSSv3
CVE-2022-1940
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 before 14.9.5, 14.10 before 14.10.4, and 15.0 before 15.0.1 allows a malicious user to execute arbitrary JavaScript code in GitLab on a victim's behalf via special...
Gitlab Gitlab
Gitlab Gitlab 15.0.0