Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an attacker with local file system access to obtain system ...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
NA
CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplet...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2023-0989
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1 allows an malicious user to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configu...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
NA
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
NA
CVE-2022-3513
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
NA
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enable...
Gitlab Gitlab
Gitlab Gitlab 15.2
NA
CVE-2023-4700
An authorization issue affecting GitLab EE affecting all versions from 14.7 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
NA
CVE-2023-5612
An issue has been discovered in GitLab affecting all versions prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2023-3443
An issue has been discovered in GitLab affecting all versions starting from 12.1 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.
Gitlab Gitlab
Gitlab Gitlab 16.6.0
6.5
CVSSv2
CVE-2018-19359
GitLab Community and Enterprise Edition 8.9 and later and prior to 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
Gitlab Gitlab 11.5.0
Gitlab Gitlab
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »