Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gitlab vulnerabilities and exploits

(subscribe to this query)

6.5
CVSSv2
CVE-2017-11438
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup....
Gitlab Gitlab 9.2.0Gitlab Gitlab 9.2.2Gitlab Gitlab 9.1.1Gitlab Gitlab 9.1.3Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.6Gitlab Gitlab 9.0.1Gitlab Gitlab 9.2.7Gitlab Gitlab 9.0.10Gitlab Gitlab 9.2.4Gitlab Gitlab 9.0.5Gitlab Gitlab 9.2.5Gitlab Gitlab 9.0.2Gitlab Gitlab 9.1.5Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.3Gitlab Gitlab 9.1.4Gitlab Gitlab 9.2.3Gitlab Gitlab 9.2.6Gitlab Gitlab 9.1.7Gitlab Gitlab 9.0.7Gitlab Gitlab 9.1.6Gitlab Gitlab 9.0.9Gitlab Gitlab 9.2.1Gitlab Gitlab 9.0.0Gitlab Gitlab 9.1.0Gitlab Gitlab 9.1.2
6.5
CVSSv2
CVE-2013-4546
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL....
Gitlab Gitlab 6.0.0Gitlab Gitlab 5.1.0Gitlab Gitlab 5.3.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab-shellGitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab-shell 1.0.4Gitlab Gitlab-shell 1.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab-shell 1.7.1Gitlab Gitlab 5.0.1Gitlab Gitlab 6.2.2Gitlab Gitlab 5.2.0Gitlab Gitlab-shell 1.7.2Gitlab Gitlab-shell 1.2.0Gitlab Gitlab 6.1.0Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.4.0Gitlab Gitlab 5.0.0Gitlab Gitlab 5.4.0Gitlab Gitlab-shell 1.6.0
5
CVSSv2
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an...
Gitlab Gitlab 8.13.0Gitlab Gitlab 8.13.1Gitlab Gitlab 8.14.0Gitlab Gitlab 8.14.1Gitlab Gitlab 8.13.4Gitlab Gitlab 8.13.5Gitlab Gitlab 8.13.2Gitlab Gitlab 8.13.3Gitlab Gitlab 8.13.6Gitlab Gitlab 8.13.7Gitlab Gitlab 8.14.2
4
CVSSv2
CVE-2017-0882
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC....
Gitlab Gitlab 8.14.2Gitlab Gitlab 8.14.3Gitlab Gitlab 8.14.4Gitlab Gitlab 8.14.5Gitlab Gitlab 8.15.0Gitlab Gitlab 8.15.1Gitlab Gitlab 8.15.2Gitlab Gitlab 8.15.3Gitlab Gitlab 8.5.0Gitlab Gitlab 8.4.10Gitlab Gitlab 8.4.9Gitlab Gitlab 8.4.0Gitlab Gitlab 8.16.5Gitlab Gitlab 8.17.3Gitlab Gitlab 8.13.3Gitlab Gitlab 8.12.0Gitlab Gitlab 8.15.6Gitlab Gitlab 8.17.2Gitlab Gitlab 8.12.7Gitlab Gitlab 8.16.7Gitlab Gitlab 8.10.13Gitlab Gitlab 8.16.2Gitlab Gitlab 8.15.4Gitlab Gitlab 8.11.10Gitlab Gitlab 8.11.9Gitlab Gitlab 8.13.0Gitlab Gitlab 8.16.1Gitlab Gitlab 8.2.4Gitlab Gitlab 8.3.0Gitlab Gitlab 8.3.9Gitlab Gitlab 8.5.11Gitlab Gitlab 8.10.0Gitlab Gitlab 8.16.0Gitlab Gitlab 8.6.0Gitlab Gitlab 8.17.0Gitlab Gitlab 8.16.3Gitlab Gitlab 8.6.7Gitlab Gitlab 8.13.2Gitlab Gitlab 8.16.4Gitlab Gitlab 8.6.8Gitlab Gitlab 8.2.5Gitlab Gitlab 8.14.0Gitlab Gitlab 8.2.3Gitlab Gitlab 8.14.1Gitlab Gitlab 8.7.0Gitlab Gitlab 8.2.1Gitlab Gitlab 8.11.0Gitlab Gitlab 8.15.5Gitlab Gitlab 8.7.1Gitlab Gitlab 8.2.2Gitlab Gitlab 8.14.6Gitlab Gitlab 8.17.1Gitlab Gitlab 8.16.6Gitlab Gitlab 8.10.12Gitlab Gitlab 8.2.0Gitlab Gitlab 8.12.8Gitlab Gitlab 8.3.8Gitlab Gitlab 8.15.7Gitlab Gitlab 8.5.12
6.8
CVSSv2
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import....
Gitlab Gitlab 9.3.2Gitlab Gitlab 9.3.3Gitlab Gitlab 9.3.4Gitlab Gitlab 9.3.5Gitlab Gitlab 9.3.8Gitlab Gitlab 9.3.9Gitlab Gitlab 9.2.0Gitlab Gitlab 9.2.1Gitlab Gitlab 9.2.2Gitlab Gitlab 9.2.5Gitlab Gitlab 9.2.6Gitlab Gitlab 9.2.7Gitlab Gitlab 9.4.0Gitlab Gitlab 9.0.12Gitlab Gitlab 9.3.6Gitlab Gitlab 9.2.8Gitlab Gitlab 9.2.4Gitlab Gitlab 9.1.4Gitlab Gitlab 9.1.0Gitlab Gitlab 9.3.1Gitlab Gitlab 9.4.3Gitlab GitlabGitlab Gitlab 9.0.9Gitlab Gitlab 9.1.5Gitlab Gitlab 9.0.10Gitlab Gitlab 9.1.2Gitlab Gitlab 9.2.3Gitlab Gitlab 9.1.3Gitlab Gitlab 9.3.7Gitlab Gitlab 9.0.11Gitlab Gitlab 9.0.2Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.1Gitlab Gitlab 9.0.6Gitlab Gitlab 9.1.6Gitlab Gitlab 9.1.7Gitlab Gitlab 9.1.1Gitlab Gitlab 9.1.8Gitlab Gitlab 9.0.5Gitlab Gitlab 9.1.9Gitlab Gitlab 9.4.1Gitlab Gitlab 9.3.0Gitlab Gitlab 9.2.9Gitlab Gitlab 9.4.2Gitlab Gitlab 9.0.3Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.7Gitlab Gitlab 9.0.0
4
CVSSv2
CVE-2016-9086
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to...
Gitlab Gitlab 8.9.1Gitlab Gitlab 8.9.8Gitlab Gitlab 8.9.10Gitlab Gitlab 8.10.5Gitlab Gitlab 8.10.7Gitlab Gitlab 8.10.12Gitlab Gitlab 8.11.1Gitlab Gitlab 8.9.11Gitlab Gitlab 8.10.0Gitlab Gitlab 8.10.1Gitlab Gitlab 8.10.2Gitlab Gitlab 8.10.3Gitlab Gitlab 8.11.3Gitlab Gitlab 8.11.4Gitlab Gitlab 8.11.5Gitlab Gitlab 8.11.6Gitlab Gitlab 8.13.2Gitlab Gitlab 8.9.0Gitlab Gitlab 8.11.8Gitlab Gitlab 8.12.0Gitlab Gitlab 8.12.7Gitlab Gitlab 8.13.1Gitlab Gitlab 8.9.3Gitlab Gitlab 8.9.4Gitlab Gitlab 8.9.5Gitlab Gitlab 8.9.6Gitlab Gitlab 8.10.8Gitlab Gitlab 8.10.9Gitlab Gitlab 8.10.10Gitlab Gitlab 8.10.11Gitlab Gitlab 8.12.1Gitlab Gitlab 8.12.2Gitlab Gitlab 8.12.3Gitlab Gitlab 8.12.4Gitlab Gitlab 8.12.5Gitlab Gitlab 8.9.2Gitlab Gitlab 8.9.7Gitlab Gitlab 8.9.9Gitlab Gitlab 8.10.4Gitlab Gitlab 8.10.6Gitlab Gitlab 8.11.0Gitlab Gitlab 8.11.2Gitlab Gitlab 8.11.7Gitlab Gitlab 8.11.9Gitlab Gitlab 8.12.6Gitlab Gitlab 8.13.0
6.5
CVSSv2
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key....
Gitlab Gitlab 6.0.0Gitlab Gitlab 6.2.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.0.1Gitlab Gitlab-shellGitlab Gitlab-shell 1.4.0Gitlab Gitlab-shell 1.2.0Gitlab Gitlab-shell 1.7.1Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.6.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab 6.2.1Gitlab Gitlab 5.1.0Gitlab Gitlab 6.2.2Gitlab Gitlab-shell 1.0.4Gitlab Gitlab 6.1.0Gitlab Gitlab-shell 1.1.0Gitlab Gitlab 5.0.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0
6.8
CVSSv2
CVE-2013-4580
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls....
Gitlab GitlabGitlab Gitlab 3.0.1Gitlab Gitlab 3.0.0Gitlab Gitlab 2.9.1Gitlab Gitlab 2.9.0Gitlab Gitlab 1.2.0Gitlab Gitlab 1.1.0Gitlab Gitlab 1.0.2Gitlab Gitlab 1.0.1Gitlab Gitlab 5.3.0Gitlab Gitlab 5.1.0Gitlab Gitlab 4.0.0Gitlab Gitlab 2.7.0Gitlab Gitlab 5.0.1Gitlab Gitlab 2.4.0Gitlab Gitlab 2.3.0Gitlab Gitlab 5.2.0Gitlab Gitlab 0.9.4Gitlab Gitlab 3.0.3Gitlab Gitlab 3.0.2Gitlab Gitlab 2.1.0Gitlab Gitlab 2.8.0Gitlab Gitlab 2.0.0Gitlab Gitlab 0.8.0Gitlab Gitlab 3.1.0Gitlab Gitlab 2.3.1Gitlab Gitlab 2.8.1Gitlab Gitlab 1.2.1Gitlab Gitlab 2.5.0Gitlab Gitlab 2.2.0Gitlab Gitlab 2.6.0Gitlab Gitlab 5.0.0Gitlab Gitlab 4.2.0Gitlab Gitlab 4.1.0Gitlab Gitlab 1.0.0Gitlab Gitlab 5.4.0Gitlab Gitlab 0.9.1Gitlab Gitlab 1.2.2Gitlab Gitlab 0.9.6Gitlab Gitlab 6.2.2Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.0Gitlab Gitlab 6.1.0Gitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab 6.0.0
6.5
CVSSv2
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature....
Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 5.4.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.2Gitlab Gitlab 5.3.0Gitlab Gitlab 6.2.1Gitlab Gitlab 5.2.0
6.5
CVSSv2
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...
Gitlab GitlabGitlab Gitlab 13.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-33742CVE-2021-33739CVE-2021-0492injectionCVE-2017-1079validationCVE-2021-22906denial of serviceCVE-2021-22912
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook