Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5.3
CVSSv3
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
6.7
CVSSv3
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an attacker with local file system access to obtain system ...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4.3
CVSSv3
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
Gitlab Gitlab
Gitlab Gitlab 14.4.0
3.7
CVSSv3
CVE-2022-3375
An issue has been discovered in GitLab affecting all versions starting from 11.10 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. It was possible to disclose the branch names when attacker has a fork of a projec...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-3246
An issue has been discovered in GitLab EE/CE affecting all versions starting prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1 which allows an malicious users to block Sidekiq job processor.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
4.3
CVSSv3
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-1352
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public p...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2022-1940
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 before 14.9.5, 14.10 before 14.10.4, and 15.0 before 15.0.1 allows an malicious user to execute arbitrary JavaScript code in GitLab on a victim's behalf via special...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »