30 matches found
EUVD-2025-24601
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-7739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated use...
Linux Distros Unpatched Vulnerability : CVE-2023-0120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions...
Linux Distros Unpatched Vulnerability : CVE-2022-1999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain...
BIT-GITLAB-2025-7739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
CVE-2025-7739
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
GitLab 18.2 < 18.2.2 (CVE-2025-7739)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scriptin...
CVE-2025-7739
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
UBUNTU-CVE-2025-7739
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
CVE-2025-7739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
CVE-2025-7739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
CVE-2025-7739
GitLab CE/EE CVE-2025-7739 affects all versions 18.2 prior to 18.2.2. Under certain conditions, authenticated users could perform stored cross-site scripting by injecting malicious HTML into scoped label descriptions. Root cause described as a stored XSS vulnerability; exploitation status not det...
CVE-2025-7739
Removed by vendor...
CVE-2023-0120
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user...
CVE-2022-1999
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...
CVE-2019-15724
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...
GitLab Label Description Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of label descriptions. By sending a crafted request, an attacker can consu...
PT-2024-22315 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 16.8.5 GitLab CE/EE versions 16.9.0 through 16.9.2 GitLab CE/EE versions 16.10.0 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to cause a denial of service using a maliciously...
Input validation
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user...
PT-2023-16027 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.0 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered due to improper permission validation, allowing an unauthorized user to edit label...