Lucene search
K

305 matches found

NVD
NVD
added 2025/05/23 1:15 p.m.9 views

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 1:15 p.m.6 views

UBUNTU-CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS5.8AI score0.00356EPSS
Exploits0References4
CVE
CVE
added 2025/05/23 12:31 p.m.48 views

CVE-2024-9163

GitLab CE/EE (versions 12.1–<17.10.7, 17.11–<17.11.3, 18.0–

7.5CVSS3.6AI score0.00356EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/23 12:31 p.m.9 views

CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

3.5CVSS6.4AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 12:31 p.m.4 views

CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

3.5CVSS6.3AI score0.00356EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/05/23 12:31 p.m.9 views

CVE-2024-9163

Removed by vendor...

7.5CVSS5.8AI score0.00356EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.7 views

CVE-2023-3511

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...

3.5CVSS6.4AI score0.00395EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:45 a.m.12 views

CVE-2023-3102

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR...

5.3CVSS6.1AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.5 views

CVE-2023-2181

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...

6.5CVSS6.8AI score0.00729EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.6 views

CVE-2023-1167

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR...

5.3CVSS6.8AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.8 views

CVE-2022-4143

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization...

6.4CVSS6.5AI score0.0076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.4 views

CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...

4.3CVSS6.3AI score0.00931EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.5 views

CVE-2022-0172

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...

6.5CVSS6.8AI score0.00765EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.5 views

CVE-2021-22176

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests...

4.3CVSS6.9AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 a.m.11 views

CVE-2019-13006

An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control...

4.3CVSS6.5AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:42 a.m.10 views

CVE-2019-5466

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names...

4.3CVSS6.4AI score0.00969EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 a.m.9 views

CVE-2019-15731

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so...

5.3CVSS6.5AI score0.01243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:38 a.m.9 views

CVE-2019-15723

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations...

5.3CVSS6.5AI score0.01271EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 10:2 a.m.154 views

CVE-2024-10307

GitLab EE/CE vulnerability CVE-2024-10307 affects all versions before 17.8.6 (12.10+), before 17.9.3 (17.9+), and before 17.10.1 (17.10+). A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. Practical impact is the potential resource exhaus...

5.5CVSS6.7AI score0.00245EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/07 12:3 p.m.6 views

CVE-2024-9631

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow...

7.5CVSS6.4AI score0.00703EPSS
Exploits1References1
Rows per page
Query Builder