115 matches found
CVE-2025-2938 Business Logic Errors in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts GitLab CE/EE Improper access control issue impacts GitLab CE/EE Elevation of Privilege impacts GitLab CE/EE Improper access control issue impacts GitLab EE...
CVE-2025-2443
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2024-9512
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...
Gitlab -- Vulnerabilities
Gitlab reports: HTML injection impacts GitLab CE/EE Cross-site scripting issue impacts GitLab CE/EE Missing authorization issue impacts GitLab Ultimate EE Denial of Service impacts GitLab CE/EE Denial of Service via unbounded Webhook token names impacts GitLab CE/EE Denial of Service via unbounde...
CVE-2024-5423
Multiple Denial of Service DoS conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline...
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
CVE-2019-19314
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext...
CVE-2019-14942
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...
Gitlab -- vulnerabilities
Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service Improper XPath validation allows modified SAML response to bypass 2FA requirement A Discord webhook integration may cause DoS Unbounded Kubernetes cluster tokens may lead to DoS Unvalidated notes position may lead ...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project...
Gitlab -- Vulnerabilities
Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...
CVE-2024-9773 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...
CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...
CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...
CVE-2024-12292
GitLab CE/EE (versions 11.0–17.4.6, 17.5–17.5.4, 17.6–17.6.2) is affected by CVE-2024-12292 due to sensitive data passed in GraphQL mutations being retained in GraphQL logs. Root cause: logging of GraphQL mutation payloads potentially exposes confidential information. Impact: information disclosu...
GHSA-JWHX-XCG6-8XHJ vulnerabilities
Vulnerabilities for packages: airflow, nemo, kserve, request-1276, dask-gateway, py3-cassandra-medusa, checkov...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE. An attacker can exploit this...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control mechanisms, allowing attackers to enhance their privileges.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges...