24 matches found

NCSC
added 2026/06/12 7:39 a.m. · 8 views

Vulnerabilities managed in GitLab Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition versions, ranging from 12.0 to 19.0.2, including important releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities affect various components of GitLab CE & EE. Authorized users...

CVSS 8.7 · AI score 5.9 · EPSS 0.00635
Exploits: 0 · References: 1

OSV
added 2026/06/11 12:16 p.m. · 5 views

UBUNTU-CVE-2026-6976

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVSS 3.7 · AI score 5.3 · EPSS 0.00247
Exploits: 0 · References: 5

EUVD
added 2026/06/11 10:20 a.m. · 7 views

EUVD-2026-36228

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVSS 3.7 · AI score 5.5 · EPSS 0.00247
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/30 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-8312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inje...

CVSS 8.7 · AI score 5.4 · EPSS 0.00472
Exploits: 1 · References: 2

SUSE CVE
added 2025/02/06 3:48 a.m. · 1 view

SUSE CVE-2025-23216

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

CVSS 6.8 · AI score 6.7 · EPSS 0.00439
Exploits: 0 · References: 3

OSV
added 2025/01/30 3:30 p.m. · 12 views

CVE-2025-23216 Argo CD does not scrub secret values from patch errors

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

CVSS 6.8 · AI score 6.4 · EPSS 0.00439
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/30 12:00 a.m. · 3 views

PT-2025-5629 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.13.4 Argo CD versions prior to 2.12.10 Argo CD versions prior to 2.11.13 Description: A vulnerability was discovered that exposes secret values in error messages and the diff view when an invalid Kubernetes Secret...

CVSS 6.8 · AI score 7
Exploits: 0 · References: 7

OSV
added 2024/10/24 10:15 a.m. · 0 views

UBUNTU-CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · AI score 5.7 · EPSS 0.00472
Exploits: 1 · References: 4

Cvelist
added 2024/10/24 9:30 a.m. · 35 views

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · EPSS 0.00472
Exploits: 1 · References: 2

OSV
added 2024/10/24 9:30 a.m. · 12 views

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · AI score 6.3 · EPSS 0.00472
Exploits: 1 · References: 5

CNNVD
added 2024/10/24 12:00 a.m. · 3 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) cross-site scripting vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition (EE) and GitLab...

CVSS 8.7 · AI score 5.4 · EPSS 0.00472
Exploits: 1 · References: 3

Positive Technologies
added 2024/10/23 12:00 a.m. · 3 views

PT-2024-9136 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to inject HTML into the Glob...

CVSS 8.7 · AI score 5.9 · EPSS 0.00531
Exploits: 2 · References: 19

OSV
added 2024/10/02 4:15 p.m. · 3 views

DRUPAL-CONTRIB-2024-042

This module adds a tab for sufficiently permissioned users. The tab shows all revisions like standard Drupal but it also allows pretty viewing of all added/changed/deleted words between revisions. The module doesn't sufficiently check revision access before rendering a diff report for 1 nodes or ...

CVSS 9.1 · AI score 6.7 · EPSS 0.00341
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 6:08 a.m. · 2 views

SUSE CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3)...

CVSS 4.3 · AI score 6.6 · EPSS 0.0137
Exploits: 0 · References: 4

Tenable Nessus
added 2011/03/16 12:00 a.m. · 19 views

Fedora 14 : cgit-0.9-1.fc14 (2011-2803)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

CVSS 5 · AI score 5.5 · EPSS 0.03746
Exploits: 1 · References: 4

Tenable Nessus
added 2011/03/16 12:00 a.m. · 27 views

Fedora 13 : cgit-0.9-1.fc13 (2011-2815)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

CVSS 5 · AI score 5.5 · EPSS 0.03746
Exploits: 1 · References: 4

OpenVAS
added 2009/12/30 12:00 a.m. · 10 views

Fedora Core 11 FEDORA-2009-13634 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13634. OpenVAS Vulnerability Test $Id: fcore200913634.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13634 viewvc Authors: Thomas Reinke Copyright: Copyright c 2009...

AI score 0.2
Exploits: 0

OpenVAS
added 2009/12/30 12:00 a.m. · 15 views

Fedora Core 12 FEDORA-2009-13610 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13610. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

AI score 7.4
Exploits: 0 · References: 1

Tenable Nessus
added 2009/12/29 12:00 a.m. · 27 views

Fedora 11 : viewvc-1.1.3-1.fc11 (2009-13634)

security fix: add root listing support of per-root authz config; security fix: query.py requires 'forbidden' authorizer or none in config; fix URL-ification of truncated log messages issue 3; fix regexp input validation issue 426, 427, 440; add support for configurable tab-to-spaces conversion; fix...

CVSS 7.5 · AI score 5.2 · EPSS 0.02674
Exploits: 0 · References: 3

Tenable Nessus
added 2009/12/29 12:00 a.m. · 28 views

Fedora 12 : viewvc-1.1.3-1.fc12 (2009-13610)

security fix: add root listing support of per-root authz config; security fix: query.py requires 'forbidden' authorizer or none in config; fix URL-ification of truncated log messages issue 3; fix regexp input validation issue 426, 427, 440; add support for configurable tab-to-spaces conversion; fix...

CVSS 7.5 · AI score 5.2 · EPSS 0.02674
Exploits: 0 · References: 3