Vulmon
gitlab gitlab vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-3907
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 before 16.4.4, 16.5 before 16.5.4, and 16.6 before 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner.
Gitlab Gitlab
8.8
CVSSv3
CVE-2023-5207
A vulnerability exists in GitLab CE and EE affecting all versions starting 16.0 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
8.8
CVSSv3
CVE-2023-2182
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 15.10.5, all versions starting from 15.11 prior to 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external...
Gitlab Gitlab 15.11.0
Gitlab Gitlab
8.8
CVSSv3
CVE-2018-17451
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
8.8
CVSSv3
CVE-2022-2185
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code executio...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
3 GitHub repositories
8.8
CVSSv3
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. When group SAML SSO is configured, the SCIM feature (availabl...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
8.8
CVSSv3
CVE-2022-1423
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and all versions from 14.10.0 prior to 14.10.1 allows a malicious actor with Developer privileges to perform ...
Gitlab Gitlab 14.10.0
Gitlab Gitlab
8.8
CVSSv3
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows a malicious user to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands.
Gitlab Gitlab
8.8
CVSSv3
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows a malicious user to perform arbitrary HTTP POST requests on a user's behalf, leading to potential account takeover.
Gitlab Gitlab
8.8
CVSSv3
CVE-2021-39937
A collision in access memoization logic in all versions of GitLab CE/EE prior to 14.3.6, all versions starting from 14.4 prior to 14.4.4, and all versions starting from 14.5 prior to 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
Gitlab Gitlab