19 matches found

CNNVD
added 2026/05/29 12:0 a.m. · 6 views

Red Hat Quay Security Vulnerability

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a security vulnerability; this vulnerability stems from the fact that GitLab’s OAuth verifier transmits sensitive credentials as plain-text parameters in URL queries, which may lead to...

CVSS 2.7 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2021-8702

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.00221
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-43160

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00106
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-0516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform...

CVSS 4.3 · AI score 5.5 · EPSS 0.00028
Exploits: 1 · References: 2

OSV
added 2025/07/30 4:21 p.m. · 2 views

GHSA-652X-M2GR-HPPM OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...

CVSS 5.5 · AI score 6.7 · EPSS 0.00221
Exploits: 0 · References: 7

Cvelist
added 2025/06/12 10:31 a.m. · 19 views

CVE-2025-5195 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure...

CVSS 4.3 · EPSS 0.00031
Exploits: 1 · References: 1

CVE
added 2025/06/12 10:31 a.m. · 45 views

CVE-2025-5195

CVE-2025-5195 affects GitLab CE/EE across all versions 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The issue allows authenticated users to access arbitrary compliance frameworks, resulting in unauthorized data disclosure. The vulnerability is described across multiple sourc...

CVSS 4.3 · AI score 6.7 · EPSS 0.00031
Exploits: 1 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/05/23 10:29 a.m. · 7 views

CVE-2024-0456

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...

CVSS 4.3 · AI score 6.4 · EPSS 0.00159
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:31 p.m. · 4 views

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, GitHub or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

CVSS 5.5 · AI score 6.7 · EPSS 0.00221
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:7 a.m. · 6 views

CVE-2019-13005

An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control...

CVSS 4.3 · AI score 6.5 · EPSS 0.00157
Exploits: 0 · References: 1

Cvelist
added 2025/03/03 11:2 a.m. · 9 views

CVE-2024-10925 Authorization Bypass Through User-Controlled Key in GitLab

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML...

CVSS 5.3 · EPSS 0.00017
Exploits: 1 · References: 2

OSV
added 2025/02/12 3:30 p.m. · 2 views

CVE-2025-0516 Incorrect Authorization in GitLab

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

CVSS 4.3 · AI score 6.3 · EPSS 0.00028
Exploits: 1 · References: 5

CVE
added 2025/02/12 3:30 p.m. · 296 views

CVE-2025-0516

CVE-2025-0516 affects GitLab CE/EE. The vulnerability is caused by improper authorization that allows users with limited permissions to perform unauthorized actions on critical project data. Affected versions are GitLab: 17.7 before 17.7.4 and 17.8 before 17.8.2; these are vulnerable, per the pro...

CVSS 4.3 · AI score 4.4 · EPSS 0.00028
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2024/03/06 11:22 a.m. · 15 views

BIT-GITLAB-2020-13313

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...

CVSS 4.3 · AI score 4.4 · EPSS 0.00155
Exploits: 0 · References: 4

CNNVD
added 2022/05/03 12:0 a.m. · 2 views

GitLab Authorization Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. An authorization issue vulnerability exists in GitLab Community Edition versio...

CVSS 6.1 · AI score 5.8 · EPSS 0.00261
Exploits: 0 · References: 6

Positive Technologies
added 2021/03/26 12:0 a.m. · 2 views

PT-2021-14486 · Unknown · Oauth2 Proxy

Name of the Vulnerable Software and Affected Versions: OAuth2-Proxy versions 7.0.0 through 7.0.x
Description: The --gitlab-group flag for group-based authorization in the GitLab provider stopped working, allowing any authenticated users to access applications regardless of --gitlab-group membersh...

CVSS 5.5 · AI score 5 · EPSS 0.00221
Exploits: 0 · References: 14

Cvelist
added 2021/03/24 4:42 p.m. · 16 views

CVE-2021-22186

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...

CVSS 4.9 · AI score 5 · EPSS 0.0017
Exploits: 0 · References: 2

CNVD
added 2021/01/18 12:0 a.m. · 25 views

GitLab Authorization Issues Vulnerability (CNVD-2021-26107)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...

CVSS 7.5 · AI score 6.1 · EPSS 0.00248
Exploits: 0 · References: 1

Prion
added 2019/09/09 6:15 p.m. · 16 views

Authorization

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 5 · AI score 5 · EPSS 0.00169
Exploits: 1 · References: 2 · Affected Software: 1