Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gitlab vulnerabilities and exploits

(subscribe to this query)

4
CVSSv2
CVE-2017-0882
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC....
Gitlab Gitlab 8.2.0Gitlab Gitlab 8.2.1Gitlab Gitlab 8.2.2Gitlab Gitlab 8.2.3Gitlab Gitlab 8.2.4Gitlab Gitlab 8.2.5Gitlab Gitlab 8.3.0Gitlab Gitlab 8.3.8Gitlab Gitlab 8.3.9Gitlab Gitlab 8.4.0Gitlab Gitlab 8.4.9Gitlab Gitlab 8.4.10Gitlab Gitlab 8.5.0Gitlab Gitlab 8.5.11Gitlab Gitlab 8.5.12Gitlab Gitlab 8.6.0Gitlab Gitlab 8.6.7Gitlab Gitlab 8.6.8Gitlab Gitlab 8.7.0Gitlab Gitlab 8.7.1Gitlab Gitlab 8.10.0Gitlab Gitlab 8.10.12Gitlab Gitlab 8.10.13Gitlab Gitlab 8.11.0Gitlab Gitlab 8.11.9Gitlab Gitlab 8.11.10Gitlab Gitlab 8.12.0Gitlab Gitlab 8.12.7Gitlab Gitlab 8.12.8Gitlab Gitlab 8.13.0Gitlab Gitlab 8.13.2Gitlab Gitlab 8.13.3Gitlab Gitlab 8.14.0Gitlab Gitlab 8.14.1Gitlab Gitlab 8.14.2Gitlab Gitlab 8.14.3Gitlab Gitlab 8.14.4Gitlab Gitlab 8.14.5Gitlab Gitlab 8.14.6Gitlab Gitlab 8.15.0Gitlab Gitlab 8.15.1Gitlab Gitlab 8.15.2Gitlab Gitlab 8.15.3Gitlab Gitlab 8.15.4Gitlab Gitlab 8.15.5Gitlab Gitlab 8.15.6Gitlab Gitlab 8.15.7Gitlab Gitlab 8.16.0Gitlab Gitlab 8.16.1Gitlab Gitlab 8.16.2Gitlab Gitlab 8.16.3Gitlab Gitlab 8.16.4Gitlab Gitlab 8.16.5Gitlab Gitlab 8.16.6Gitlab Gitlab 8.16.7Gitlab Gitlab 8.17.0Gitlab Gitlab 8.17.1Gitlab Gitlab 8.17.2Gitlab Gitlab 8.17.3
6.5
CVSSv2
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key....
Gitlab Gitlab 5.0.0Gitlab Gitlab 5.0.1Gitlab Gitlab 5.1.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2Gitlab Gitlab-shell 1.0.4Gitlab Gitlab-shell 1.1.0Gitlab Gitlab-shell 1.2.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab-shell 1.4.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab-shell 1.6.0Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.7.1Gitlab Gitlab-shell
6.5
CVSSv2
CVE-2017-11438
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup....
Gitlab Gitlab 9.0.0Gitlab Gitlab 9.0.1Gitlab Gitlab 9.0.2Gitlab Gitlab 9.0.3Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.5Gitlab Gitlab 9.0.6Gitlab Gitlab 9.0.7Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.9Gitlab Gitlab 9.0.10Gitlab Gitlab 9.1.0Gitlab Gitlab 9.1.1Gitlab Gitlab 9.1.2Gitlab Gitlab 9.1.3Gitlab Gitlab 9.1.4Gitlab Gitlab 9.1.5Gitlab Gitlab 9.1.6Gitlab Gitlab 9.1.7Gitlab Gitlab 9.2.0Gitlab Gitlab 9.2.1Gitlab Gitlab 9.2.2Gitlab Gitlab 9.2.3Gitlab Gitlab 9.2.4Gitlab Gitlab 9.2.5Gitlab Gitlab 9.2.6Gitlab Gitlab 9.2.7
6.5
CVSSv2
CVE-2013-4546
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL....
Gitlab Gitlab 5.0.0Gitlab Gitlab 5.0.1Gitlab Gitlab 5.1.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0Gitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2Gitlab Gitlab-shell 1.0.4Gitlab Gitlab-shell 1.1.0Gitlab Gitlab-shell 1.2.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab-shell 1.4.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab-shell 1.6.0Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.7.1Gitlab Gitlab-shell 1.7.2Gitlab Gitlab-shell
5
CVSSv2
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an...
Gitlab Gitlab 8.13.0Gitlab Gitlab 8.13.1Gitlab Gitlab 8.13.2Gitlab Gitlab 8.13.3Gitlab Gitlab 8.13.4Gitlab Gitlab 8.13.5Gitlab Gitlab 8.13.6Gitlab Gitlab 8.13.7Gitlab Gitlab 8.14.0Gitlab Gitlab 8.14.1Gitlab Gitlab 8.14.2
6.8
CVSSv2
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import....
Gitlab GitlabGitlab Gitlab 9.0.0Gitlab Gitlab 9.0.1Gitlab Gitlab 9.0.2Gitlab Gitlab 9.0.3Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.5Gitlab Gitlab 9.0.6Gitlab Gitlab 9.0.7Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.9Gitlab Gitlab 9.0.10Gitlab Gitlab 9.0.11Gitlab Gitlab 9.0.12Gitlab Gitlab 9.1.0Gitlab Gitlab 9.1.1Gitlab Gitlab 9.1.2Gitlab Gitlab 9.1.3Gitlab Gitlab 9.1.4Gitlab Gitlab 9.1.5Gitlab Gitlab 9.1.6Gitlab Gitlab 9.1.7Gitlab Gitlab 9.1.8Gitlab Gitlab 9.1.9Gitlab Gitlab 9.2.0Gitlab Gitlab 9.2.1Gitlab Gitlab 9.2.2Gitlab Gitlab 9.2.3Gitlab Gitlab 9.2.4Gitlab Gitlab 9.2.5Gitlab Gitlab 9.2.6Gitlab Gitlab 9.2.7Gitlab Gitlab 9.2.8Gitlab Gitlab 9.2.9Gitlab Gitlab 9.3.0Gitlab Gitlab 9.3.1Gitlab Gitlab 9.3.2Gitlab Gitlab 9.3.3Gitlab Gitlab 9.3.4Gitlab Gitlab 9.3.5Gitlab Gitlab 9.3.6Gitlab Gitlab 9.3.7Gitlab Gitlab 9.3.8Gitlab Gitlab 9.3.9Gitlab Gitlab 9.4.0Gitlab Gitlab 9.4.1Gitlab Gitlab 9.4.2Gitlab Gitlab 9.4.3
4
CVSSv2
CVE-2016-9086
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to...
Gitlab Gitlab 8.9.0Gitlab Gitlab 8.9.1Gitlab Gitlab 8.9.2Gitlab Gitlab 8.9.3Gitlab Gitlab 8.9.4Gitlab Gitlab 8.9.5Gitlab Gitlab 8.9.6Gitlab Gitlab 8.9.7Gitlab Gitlab 8.9.8Gitlab Gitlab 8.9.9Gitlab Gitlab 8.9.10Gitlab Gitlab 8.9.11Gitlab Gitlab 8.10.0Gitlab Gitlab 8.10.1Gitlab Gitlab 8.10.2Gitlab Gitlab 8.10.3Gitlab Gitlab 8.10.4Gitlab Gitlab 8.10.5Gitlab Gitlab 8.10.6Gitlab Gitlab 8.10.7Gitlab Gitlab 8.10.8Gitlab Gitlab 8.10.9Gitlab Gitlab 8.10.10Gitlab Gitlab 8.10.11Gitlab Gitlab 8.10.12Gitlab Gitlab 8.11.0Gitlab Gitlab 8.11.1Gitlab Gitlab 8.11.2Gitlab Gitlab 8.11.3Gitlab Gitlab 8.11.4Gitlab Gitlab 8.11.5Gitlab Gitlab 8.11.6Gitlab Gitlab 8.11.7Gitlab Gitlab 8.11.8Gitlab Gitlab 8.11.9Gitlab Gitlab 8.12.0Gitlab Gitlab 8.12.1Gitlab Gitlab 8.12.2Gitlab Gitlab 8.12.3Gitlab Gitlab 8.12.4Gitlab Gitlab 8.12.5Gitlab Gitlab 8.12.6Gitlab Gitlab 8.12.7Gitlab Gitlab 8.13.0Gitlab Gitlab 8.13.1Gitlab Gitlab 8.13.2
6.8
CVSSv2
CVE-2013-4580
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls....
Gitlab Gitlab 0.8.0Gitlab Gitlab 0.9.1Gitlab Gitlab 0.9.4Gitlab Gitlab 0.9.6Gitlab Gitlab 1.0.0Gitlab Gitlab 1.0.1Gitlab Gitlab 1.0.2Gitlab Gitlab 1.1.0Gitlab Gitlab 1.2.0Gitlab Gitlab 1.2.1Gitlab Gitlab 1.2.2Gitlab Gitlab 2.0.0Gitlab Gitlab 2.1.0Gitlab Gitlab 2.2.0Gitlab Gitlab 2.3.0Gitlab Gitlab 2.3.1Gitlab Gitlab 2.4.0Gitlab Gitlab 2.5.0Gitlab Gitlab 2.6.0Gitlab Gitlab 2.7.0Gitlab Gitlab 2.8.0Gitlab Gitlab 2.8.1Gitlab Gitlab 2.9.0Gitlab Gitlab 2.9.1Gitlab Gitlab 3.0.0Gitlab Gitlab 3.0.1Gitlab Gitlab 3.0.2Gitlab Gitlab 3.0.3Gitlab Gitlab 3.1.0Gitlab Gitlab 4.0.0Gitlab Gitlab 4.1.0Gitlab Gitlab 4.2.0Gitlab Gitlab 5.0.0Gitlab Gitlab 5.0.1Gitlab Gitlab 5.1.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0Gitlab GitlabGitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2
6.5
CVSSv2
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature....
Gitlab Gitlab 5.2.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2
4
CVSSv2
CVE-2020-13333
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage....
Gitlab Gitlab 13.1.0Gitlab Gitlab 13.2.0Gitlab Gitlab 13.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2021-24218CVE-2021-24086cameraCVE-2021-24198CVE-2018-13379XML external entityCVE-2021-24229CVE-2021-3465
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook