Filtered by vendor Gitlab
Subscribe
Total
981 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1167 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.3 MEDIUM |
Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. | |||||
CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 3.8 LOW |
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | |||||
CVE-2023-1098 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.9 MEDIUM |
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. | |||||
CVE-2023-2181 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. | |||||
CVE-2018-17454 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen. | |||||
CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | |||||
CVE-2023-0326 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence. | |||||
CVE-2023-2198 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-1178 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.7 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. | |||||
CVE-2023-1265 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. | |||||
CVE-2023-2013 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | |||||
CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.1 HIGH |
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | |||||
CVE-2023-1733 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. | |||||
CVE-2023-0756 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 8.0 HIGH |
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | |||||
CVE-2018-17537 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . | |||||
CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | |||||
CVE-2023-1417 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group. | |||||
CVE-2023-2442 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | |||||
CVE-2018-17536 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. | |||||
CVE-2023-1621 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. |