CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVE-2026-4524 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper...

EUVD-2022-4756

Malicious code in bioql PyPI...

EUVD-2023-2031

Malicious code in bioql PyPI...

EUVD-2022-5014

Malicious code in bioql PyPI...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process. This allows attackers to circumvent security restrictions and gain read-only access as well as edit access to data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain read-only access as well as the ability to...

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible...

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...

The vulnerability of the Wiki History Diff component of the Git-based software platform for collaborative code development on GitLab allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Wiki History Diff component in the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access t...

CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-39153

CVE-2023-39153 is a CSRF vulnerability in Jenkins GitLab Authentication Plugin versions ≤ 1.17.1. The flaw allows an attacker to lure a logged-in user into authenticating to the attacker’s account, via a crafted request, effectively abusing the OAuth flow. The root cause is the plugin’s lack of a...

CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

Jenkins GitLab Authentication Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...