
16 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-6682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from...

CVSS 6.5 · AI score 5.3 · EPSS 0.00032
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-5469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC...

CVSS 4.3 · AI score 5.5 · EPSS 0.00116
Exploits: 0 · References: 2

CNNVD
added 2025/07/26 12:0 a.m. · 2 views

XWiki Platform Input Validation Error Vulnerability

XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. An input validation error vulnerability exists in XWiki Platform versions 17.0.0-rc1 through 17.2.2 and 16.10.5 and earlier, which stems from an uncleaned SQL query and could lead to a SQL...

CVSS 9.8 · AI score 7.4 · EPSS 0.00979
Exploits: 0 · References: 7

OSV
added 2025/02/05 1:15 p.m. · 1 views

UBUNTU-CVE-2024-2878

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...

CVSS 7.5 · AI score 5.7 · EPSS 0.0462
Exploits: 0 · References: 5

Positive Technologies
added 2024/06/14 12:0 a.m. · 2 views

PT-2024-36405 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.10.0 through 16.10.5 GitLab CE/EE versions 16.11.0 through 16.11.2 Description: The issue allows an attacker to crash KAS via crafted gRPC requests, potentially leading to a denial of service. Recommendations: For...

CVSS 4.3 · AI score 6.7 · EPSS 0.00116
Exploits: 0 · References: 11

OSV
added 2024/05/24 7:19 a.m. · 300 views

BIT-GITLAB-2024-4539 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

CVSS 6.5 · AI score 5.1 · EPSS 0.00023
Exploits: 0 · References: 2

OSV
added 2024/05/24 7:18 a.m. · 277 views

BIT-GITLAB-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...

CVSS 6.5 · AI score 5.7 · EPSS 0.00021
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/22 12:0 a.m. · 2 views

PT-2024-4401 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.11 through 16.10.5 GitLab versions 16.11 through 16.11.2 GitLab versions 17.0 through 17.0.0 Description: A cross-site scripting (XSS) condition exists within GitLab. By leveraging this condition, an attacker can craft a...

CVSS 8.2 · AI score 5.8 · EPSS 0.07452
Exploits: 1 · References: 22

OSV
added 2024/05/14 3:20 p.m. · 0 views

UBUNTU-CVE-2024-2651

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...

CVSS 6.5 · AI score 5.7 · EPSS 0.01319
Exploits: 0 · References: 2

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from an issue wit...

CVSS 6.5 · AI score 6.6 · EPSS 0.00032
Exploits: 0 · References: 4

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from a pin endpoi...

CVSS 6.5 · AI score 6.5 · EPSS 0.01562
Exploits: 0 · References: 4

NCSC
added 2024/05/13 12:0 a.m. · 4 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial-of-service, gain access to and manipulate system data, or launch a Server-Side Request Forgery (SSRF) exploit. Such an attack can lead to execution of...

CVSS 8.8 · AI score 7.7 · EPSS 0.0462
Exploits: 1

OSV
added 2024/05/09 1:38 a.m. · 12 views

CVE-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...

CVSS 6.5 · AI score 6.3 · EPSS 0.01562
Exploits: 0 · References: 5

CVE
added 2024/05/09 1:38 a.m. · 325 views

CVE-2024-4597

CVE-2024-4597 describes a Cross-Site Request Forgery (CSRF) in GitLab Enterprise Edition that can force a user with an active SAML session to approve a merge request via CSRF. Affected versions include GitLab EE 16.7–16.9.7, 16.10–16.10.5, and 16.11–16.11.2. Impact described as enabling unauthori...

CVSS 6.5 · AI score 5.3 · EPSS 0.00021
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/05/08 12:0 a.m. · 2 views

PT-2025-5683 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.2 through 16.9.7 GitLab EE versions 16.10 through 16.10.5 GitLab EE versions 16.11 through 16.11.2 Description: An issue has been discovered in GitLab EE, allowing the disclosure of updates to issues to a banned group...

CVSS 5.3 · AI score 6.6 · EPSS 0.00043
Exploits: 0 · References: 10

Microsoft Security Update
added 1970/01/01 3:0 a.m. · 15 views

Visual Studio 2019 version 16.10.0 to 16.10.5 update

Visual Studio 2019 version 16.10.0 to 16.10.5 security update. This update applies to all affected editions of Visual Studio 2019 version 16.10. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the...

AI score 1.5
Exploits: 0