Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5933
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
Gitlab Gitlab 16.8.0
Gitlab Gitlab
NA
CVE-2023-5963
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 before 16.4.2 and 16.5 before 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.
Gitlab Gitlab
Gitlab Gitlab 16.5.0
NA
CVE-2018-17451
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17453
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17454
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the issue details screen.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17455
An issue exists in GitLab Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge re...
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17536
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the merge request page via project import.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17537
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Gitlab Gitlab
Gitlab Gitlab 11.3.0
578
VMScore
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. When group SAML SSO is configured, the SCIM feature (availabl...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
356
VMScore
CVE-2022-1783
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 prior to 14.9.5, all versions starting from 14.10 prior to 14.10.4, all versions starting from 15.0 prior to 15.0.1. It may be possible for malicious group maintainers to add new members to a p...
Gitlab Gitlab
Gitlab Gitlab 15.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »