14 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-3922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions...
CVE-2023-5207
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...
PT-2023-31754 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.12 through 16.2.8 GitLab EE versions 16.3.0 through 16.3.5 GitLab EE versions 16.4.0 through 16.4.1 Description: An issue has been discovered in Ultimate-licensed GitLab EE that could allow an attacker to impersonate use...
CVE-2023-5198
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...
Code injection
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...
CVE-2023-3917
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail...
UBUNTU-CVE-2023-3917
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail...
CVE-2023-0989 Improper Ownership Management in GitLab
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...
GitLab CE/EE Security Vulnerabilities
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE. An attacker could exploit this...
GitLab 16.2 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4532)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were...
GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge...
PT-2023-29496 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...
PT-2023-26802 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 16.2.8 GitLab EE version 16.3 prior to 16.3.5 GitLab EE version 16.4 prior to 16.4.1 Description: A business logic error in GitLab EE allows access to internal projects. This occurs because a service account is not...
PT-2023-26824 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab EE and CE versions prior to 16.2.8 Gitlab EE and CE version 16.3 prior to 16.3.5 Gitlab EE and CE version 16.4 prior to 16.4.1 Description: The issue allows an attacker to cause pipelines to fail, resulting in a Denial of Service. This...