Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-39908
In all versions of GitLab CE/EE starting from 0.8.0 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
3.5
CVSSv2
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an malicious user to bypass CODEOWNE...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook d...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
7.2
CVSSv2
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an attacker with local file system access to obtain system ...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
NA
CVE-2022-3572
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
4.3
CVSSv2
CVE-2022-0344
An issue has been discovered in GitLab affecting all versions starting from 10.0 prior to 14.5.4, all versions starting from 10.1 prior to 14.6.4, all versions starting from 10.2 prior to 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when a...
Gitlab Gitlab
Gitlab Gitlab 14.7.0
2.1
CVSSv2
CVE-2022-0390
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
Gitlab Gitlab
Gitlab Gitlab 14.7.0
NA
CVE-2023-5995
An issue has been discovered in GitLab EE affecting all versions starting from 16.2 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for an malicious user to abuse the policy bot to gain access to i...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
NA
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries ...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
6.5
CVSSv2
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. When group SAML SSO is configured, the SCIM feature (availabl...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »