115 matches found

Cvelist
added 2025/06/26 5:31 a.m. | 8 views

CVE-2025-2938 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

CVSS 3.1 | EPSS 0.00266
Exploits: 0 | References: 2

FreeBSD
added 2025/06/25 12:00 a.m. | 4 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service impacts GitLab CE/EE; Missing Authentication issue impacts GitLab CE/EE; Improper access control issue impacts GitLab CE/EE; Elevation of Privilege impacts GitLab CE/EE; Improper access control issue impacts GitLab EE...

CVSS 8.8 | AI score 7.3 | EPSS 0.00304
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/23 8:38 a.m. | 2 views

CVE-2025-2443

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

CVSS 8.7 | AI score 7 | EPSS 0.00322
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/14 2:24 p.m. | 2 views

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.9 | AI score 5.5 | EPSS 0.00217
Exploits: 0 | References: 1

FreeBSD
added 2025/06/11 12:00 a.m. | 7 views

Gitlab -- Vulnerabilities

Gitlab reports: HTML injection impacts GitLab CE/EE; Cross-site scripting issue impacts GitLab CE/EE; Missing authorization issue impacts GitLab Ultimate EE; Denial of Service impacts GitLab CE/EE; Denial of Service via unbounded Webhook token names impacts GitLab CE/EE; Denial of Service via unbounde...

CVSS 9.9 | AI score 6.9 | EPSS 0.07524
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/23 9:52 a.m. | 7 views

CVE-2024-5423

Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed an attacker to cause resource exhaustion via banzai pipeline...

CVSS 6.5 | AI score 6.4 | EPSS 0.00462
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:13 p.m. | 18 views

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 9.8 | AI score 6.6 | EPSS 0.01068
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:25 a.m. | 5 views

CVE-2019-19314

GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext...

CVSS 7.5 | AI score 6.4 | EPSS 0.00806
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:19 a.m. | 5 views

CVE-2019-14942

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...

CVSS 5.9 | AI score 6.5 | EPSS 0.00456
Exploits: 0 | References: 1

FreeBSD
added 2025/05/21 12:00 a.m. | 25 views

Gitlab -- vulnerabilities

Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service; Improper XPath validation allows modified SAML response to bypass 2FA requirement; A Discord webhook integration may cause DoS; Unbounded Kubernetes cluster tokens may lead to DoS; Unvalidated notes position may lead ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00484
Exploits: 1 | References: 1

FreeBSD
added 2025/05/07 12:00 a.m. | 27 views

Gitlab -- vulnerabilities

Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...

CVSS 6.8 | AI score 7 | EPSS 0.0033
Exploits: 1 | References: 1

FreeBSD
added 2025/04/23 12:00 a.m. | 29 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP directives; Cross Site Scripting (XSS) in Maven dependency proxy through cache headers; Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring; Denial of service (DOS) via issu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00522
Exploits: 3 | References: 1

Vulnrichment
added 2025/03/27 12:31 p.m. | 13 views

CVE-2024-9773 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...

CVSS 3.7 | AI score 4.1 | EPSS 0.00238
Exploits: 1 | References: 2

Vulnrichment
added 2025/02/07 2:12 p.m. | 10 views

CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3, and which also temporarily affected versions 17.4, 17.5 and 17.6,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 2

Cvelist
added 2024/12/12 11:30 a.m. | 19 views

CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...

CVSS 4 | EPSS 0.00212
Exploits: 0 | References: 1

OSV
added 2024/12/12 11:30 a.m. | 4 views

CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...

CVSS 4 | AI score 6.2 | EPSS 0.00212
Exploits: 0 | References: 4

CVE
added 2024/12/12 11:30 a.m. | 741 views

CVE-2024-12292

GitLab CE/EE (versions 11.0–17.4.6, 17.5–17.5.4, 17.6–17.6.2) is affected by CVE-2024-12292 due to sensitive data passed in GraphQL mutations being retained in GraphQL logs. Root cause: logging of GraphQL mutation payloads potentially exposes confidential information. Impact: information disclosu...

CVSS 4 | AI score 3.9 | EPSS 0.00212
Exploits: 0 | References: 1 | Affected Software: 1

Chainguard
added 2024/08/09 4:49 p.m. | 6 views

GHSA-JWHX-XCG6-8XHJ vulnerabilities

Vulnerabilities for packages: airflow, nemo, kserve, request-1276, dask-gateway, py3-cassandra-medusa, checkov...

AI score 5.9
Exploits: 0

CNNVD
added 2024/07/24 12:00 a.m. | 3 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE. An attacker can exploit this...

CVSS 5 | AI score 6.3 | EPSS 0.00312
Exploits: 0 | References: 3

BDU FSTEC
added 2024/02/28 12:00 a.m. | 6 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control mechanisms, allowing attackers to enhance their privileges.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges...

CVSS 8.7 | AI score 6.7 | EPSS 0.00525
Exploits: 0 | References: 4 | Affected Software: 1