
21 matches found

Snyk
added 2026/03/05 9:13 p.m. · 0 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

CVSS 8.7 · AI score 5.8 · EPSS 0.00017
Exploits 1 · References 2
Tenable Nessus
added 2025/08/30 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-3976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from...

CVSS 6.5 · AI score 5.4 · EPSS 0.0004
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-0921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated...

CVSS 4.3 · AI score 5.1 · EPSS 0.21458
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 3:02 a.m. · 1 view

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

CVSS 5.3 · AI score 6.7 · EPSS 0.00494
Exploits 0 · References 1
Veracode
added 2023/08/06 2:37 p.m. · 16 views

Cross-Site Scripting (XSS)

gitlab is vulnerable to Cross-Site Scripting XSS attacks. This vulnerability occurs due to a flaw in the way that GitLab handles issue descriptions. An attacker can exploit this vulnerability to inject malicious code into an issue description, which can then be executed by other users when they...

CVSS 6.8 · AI score 5.7 · EPSS 0.01196
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2023/07/23 2:06 p.m. · 17 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create large issue descriptions via GraphQL, leading to an application crash...

CVSS 6.5 · AI score 7.8 · EPSS 0.02324
Exploits 0 · References 4 · Affected Software 1
ATTACKERKB
added 2023/06/06 5:15 p.m. · 2 views

CVE-2023-0921

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

CVSS 4.3 · AI score 5.9 · EPSS 0.21458
Exploits 0 · References 4 · Affected Software 1
Prion
added 2023/06/06 5:15 p.m. · 15 views

Input validation

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

CVSS 4 · AI score 4.4 · EPSS 0.21458
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/06/06 12:00 a.m. · 2 views

PT-2023-16619 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: A lack of length validation in GitLab CE/EE allows an authenticated attacker to create a large Issue...

CVSS 4.3 · AI score 6.5 · EPSS 0.21458
Exploits 0 · References 13
OSV
added 2023/06/06 12:00 a.m. · 12 views

CVE-2023-0921 Allocation of Resources Without Limits or Throttling in GitLab

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

CVSS 4.3 · AI score 4.5 · EPSS 0.21458
Exploits 0 · References 5
Positive Technologies
added 2023/04/05 12:00 a.m. · 2 views

PT-2023-17245 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where a search timeout could be triggered if a specific HTML payload was used in the issue description...

CVSS 5.3 · AI score 4.8 · EPSS 0.00494
Exploits 0 · References 10
OSV
added 2023/02/13 11:15 p.m. · 1 view

UBUNTU-CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

CVSS 6.5 · AI score 5.8 · EPSS 0.02324
Exploits 0 · References 5
ATTACKERKB
added 2022/04/05 6:15 p.m. · 1 view

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

CVSS 5.4 · AI score 6.1 · EPSS 0.00003
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2022/04/05 6:15 p.m. · 0 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVSS 5.7 · AI score 6.1 · EPSS 0.00004
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/04/05 6:15 p.m. · 2 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1
Debian CVE
added 2022/04/04 7:46 p.m. · 57 views

CVE-2022-1190

Removed by vendor...

CVSS 8.7 · AI score 7 · EPSS 0.01
Exploits 0
Cvelist
added 2022/04/04 7:46 p.m. · 17 views

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

CVSS 8.7 · AI score 6.5 · EPSS 0.01
Exploits 0 · References 3
Positive Technologies
added 2022/03/31 12:00 a.m. · 2 views

PT-2022-2256 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 14.7.6 GitLab CE/EE versions 14.8 through 14.8.4 GitLab CE/EE versions 14.9 through 14.9.1 Description: The issue is related to improper handling of user input, allowing an attacker to exploit a stored XSS by...

CVSS 8.7 · AI score 6.3 · EPSS 0.01
Exploits 0 · References 15
OSV
added 2021/06/08 8:15 p.m. · 0 views

UBUNTU-CVE-2021-22216

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description...

CVSS 6.5 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 2
CNVD
added 2020/08/28 12:00 a.m. · 2 views

JetBrains YouTrack Information Disclosure Vulnerability (CNVD-2020-49948)

YouTrack is a keyboard-based issue and project tracking tool from the Czech company JetBrains, primarily used for tracking tasks and defect correction arrangements during development. An information disclosure vulnerability exists in JetBrains YouTrack, which can be exploited by an attacker to...

CVSS 6.5 · AI score 6.3 · EPSS 0.00004
Exploits 0 · References 1