Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an malicious user to trigger Server Side Request Forgery (SSRF) attacks.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows subgroup members to see epics from all parent subgroups.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5.3
CVSSv3
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an malicious user to bypass CODEOWNE...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
9.8
CVSSv3
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 prior to 13.8.7, all versions starting from 13.9 prior to 13.9.5, and all versions starting from 13.10 prior to 13.10.1. A specially crafted Wiki page allowed malicious users to read arbitrar...
Gitlab Gitlab
Gitlab Gitlab 13.10.0
5.3
CVSSv3
CVE-2024-1525
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their pas...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-1071
An issue has been discovered in GitLab affecting all versions from 15.5 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an is...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
8.8
CVSSv3
CVE-2013-4583
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 prior to 5.4.2, Community Edition prior to 6.2.4, and Enterprise Edition prior to 6.2.1 and gitlab-shell prior to 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
Gitlab Gitlab
Gitlab Gitlab-shell
6.5
CVSSv3
CVE-2023-6159
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1 It was possible for an malicious user to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
4.5
CVSSv3
CVE-2022-2417
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 before 15.0.5, 15.1 before 15.1.4, and 15.2 before 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abuse...
Gitlab Gitlab
Gitlab Gitlab 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »