Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Total 981 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0632 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.
CVE-2023-3909 1 Gitlab 1 Gitlab 2023-12-10 N/A 6.5 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.
CVE-2023-1210 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.
CVE-2023-3900 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.
CVE-2023-3399 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.7 HIGH
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
CVE-2023-5106 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
CVE-2023-1401 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.
CVE-2023-3115 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
CVE-2023-2164 1 Gitlab 1 Gitlab 2023-12-10 N/A 5.4 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.
CVE-2023-2022 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge
CVE-2023-3994 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.
CVE-2023-3915 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.2 HIGH
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.
CVE-2023-3922 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.1 HIGH
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.
CVE-2023-4011 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.
CVE-2023-3500 1 Gitlab 1 Gitlab 2023-12-10 N/A 6.1 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.
CVE-2023-2190 1 Gitlab 1 Gitlab 2023-12-10 N/A 6.5 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.
CVE-2023-0120 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user.
CVE-2023-3920 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.
CVE-2023-3364 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.
CVE-2023-3246 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.