Filtered by vendor Gitlab
Subscribe
Total
981 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5207 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.8 HIGH |
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | |||||
CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.1 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | |||||
CVE-2023-3424 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.3 MEDIUM |
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | |||||
CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | |||||
CVE-2023-2200 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field. | |||||
CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | |||||
CVE-2023-3484 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations. | |||||
CVE-2023-5009 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | |||||
CVE-2023-3917 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | |||||
CVE-2023-4532 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | |||||
CVE-2023-4647 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | |||||
CVE-2023-1555 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | |||||
CVE-2023-5825 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. | |||||
CVE-2023-3210 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. | |||||
CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | |||||
CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
CVE-2023-5198 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. | |||||
CVE-2023-2576 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch. | |||||
CVE-2023-2233 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. |