Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-6564
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role wer...
Gitlab Gitlab 16.4.3
Gitlab Gitlab 16.5.3
Gitlab Gitlab 16.6.1
4.3
CVSSv3
CVE-2023-1071
An issue has been discovered in GitLab affecting all versions from 15.5 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an is...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
4.9
CVSSv3
CVE-2023-1098
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1 will allow an admin to leak password from repo...
Gitlab Gitlab 15.10.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2023-1167
Improper authorization in Gitlab EE affecting all versions from 12.3.0 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1 allows an unauthorized access to security reports in MR.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
6.1
CVSSv3
CVE-2023-1279
An issue has been discovered in GitLab affecting all versions starting from 4.1 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1 where it was possible to create a URL that would redirect to a different project.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1. A namespace-level banned user can access the API.
Gitlab Gitlab 16.3.0
Gitlab Gitlab
4.9
CVSSv3
CVE-2022-0477
An issue has been discovered in GitLab affecting all versions starting from 11.9 prior to 14.5.4, all versions starting from 14.6.0 prior to 14.6.4, all versions starting from 14.7.0 prior to 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from...
Gitlab Gitlab
Gitlab Gitlab 14.7.0
4.3
CVSSv3
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge ...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.3
CVSSv3
CVE-2021-39892
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5.4
CVSSv3
CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by malicious users to exploit Server Side Request Forgery attacks.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »