Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4011 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. | |||||
| CVE-2023-3364 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint. | |||||
| CVE-2023-5207 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.8 HIGH |
| A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | |||||
| CVE-2023-3424 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
| CVE-2023-3917 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | |||||
| CVE-2023-4647 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | |||||
| CVE-2023-2825 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | |||||
| CVE-2018-17455 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. | |||||
| CVE-2018-17449 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. | |||||
| CVE-2018-17451 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. | |||||
| CVE-2023-2132 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. | |||||
| CVE-2023-2182 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.8 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. | |||||
| CVE-2023-2199 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
| CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | |||||
| CVE-2023-2198 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
| CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.1 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | |||||
| CVE-2023-1733 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. | |||||
| CVE-2023-0756 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.0 HIGH |
| An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | |||||
| CVE-2023-0121 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | |||||
| CVE-2022-4037 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. | |||||