13 matches found
BIT-GITLAB-2023-2200 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
PT-2023-25026 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.8 through 15.11.10 GitLab EE versions 16.0 through 16.0.6 GitLab EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab EE, allowing an attacker to change the name or path of a public top-lev...
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...
CVE-2023-2576 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...
CVE-2023-3363
Removed by vendor...
CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...
GitLab 注入漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE versions 15.3 through 15.11.10,...
PT-2023-18352 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.10 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE that may allow users to view new commits to private...
CVE-2023-1936
Removed by vendor...
PT-2023-17352 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE, which allows an attacker to leak the email address of a...
GitLab 13.7 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-1936)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,...