CVE-2024-8970

GitLab CE/EE vulnerable in multiple versions (11.6–17.2.9, 17.3–17.3.5, 17.4–17.4.2) where an attacker could trigger a pipeline as another user under certain conditions. Affected projects include GitLab CE/EE; the issue is addressed in updated releases. Public references point to GitLab issues an...

CVE-2024-9164 Missing Authentication for Critical Function in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab version 17.1 up to and including...

PT-2024-7212 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.2.9 GitLab EE versions 17.3 through 17.3.5 GitLab EE versions 17.4 through 17.4.2 Description: An issue has been discovered in GitLab EE, allowing an unauthenticated attacker to determine the GitLab version...

PT-2024-7210 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 Description: An issue was discovered in GitLab CE/EE, which allows deploy keys to push to an archived repository. Th...

PT-2024-7224 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 17.1 through 17.2.9 GitLab versions 17.3 through 17.3.5 GitLab versions 17.4 through 17.4.2 Description: A cross-site scripting issue has been discovered in GitLab. The issue is related to the lack of protection of the web pag...