gitlab gitlab vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-6736
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for a malicious user to cause a client-side denial of service us...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
6.7
CVSSv3
CVE-2023-6840
An issue has been discovered in GitLab EE affecting all versions from 16.4 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Gitlab Gitlab
6.5
CVSSv3
CVE-2023-6159
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. It was possible for a malicious user to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2023-5612
An issue has been discovered in GitLab affecting all versions prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
9.9
CVSSv3
CVE-2024-0402
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
1 GitHub repository
4.3
CVSSv3
CVE-2024-0456
An authorization vulnerability exists in GitLab versions 14.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2023-5933
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions unconditionally discovers projects that are shared with the configured owner group, allowing malicious users to configure and share a project, resulting in a crafted Pipeline being built by Jenkins duri...
Jenkins Github Branch Source
4.3
CVSSv3
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Github Branch Source
5.3
CVSSv3
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid we...
Jenkins Github Branch Source