CVE-2023-3909
GitLab CE/EE is affected by CVE-2023-3909: A Regular Expression Denial of Service can be triggered by a very large string in timeout input within gitlab-ci.yml. Affected versions are: all 12.3–16.3.5, all 16.4.x before 16.4.2, and all 16.5.x before 16.5.1. Root cause stated is inefficient regex h...
CVE-2023-3909 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...
CVE-2023-3246
CVE-2023-3246 affects GitLab EE/CE across multiple branches: all versions before 16.3.6, all versions from 16.4 before 16.4.2, and all versions from 16.5 before 16.5.1, with the impact described as the ability for an attacker to block the Sidekiq job processor. The connected documents reiterate t...
Default configuration
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the supersidebarloggedout feature flag enabled. Affected versions with this...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to...
CVE-2023-5825
GitLab CE/EE CVE-2023-5825 affects 16.2–16.3.5, 16.4.0–16.4.1, and 16.5.0 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path, causing memory exhaustion via an infinite loop and Denial of Service. Impact: availability only. Remediation: upgrade to GitLab 16.3...
CVE-2023-5831
GitLab CE/EE vulnerable when the super_sidebar_logged_out feature flag is enabled. Affected versions are: 16.0–16.3.5, 16.4.x prior to 16.4.2, and 16.5.x prior to 16.5.1. In these cases, with the flag enabled, there is a risk of unintentionally disclosing GitLab version metadata to unauthorized a...
CVE-2023-5831 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the supersidebarloggedout feature flag enabled. Affected versions with this...
PT-2023-26778 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 through 16.3.6 GitLab CE/EE versions 16.4 through 16.4.2 GitLab CE/EE versions 16.5 through 16.5.1 Description: A Regular Expression Denial of Service issue was discovered, allowing an attack by adding a large strin...
You’d be surprised to know what devices are still using Windows CE
Windows CE -- an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" -- finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on...
CVE-2023-29973
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall...
Code injection
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall...
PT-2023-22498 · Unknown · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Pfsense CE version 2.6.0 Description: The issue is related to the absence of a rate limit, which can be exploited by an attacker to create multiple malicious users in the firewall. This can lead to potential security breaches. Recommendations...
CVE-2023-29973
CVE-2023-29973 affects pfSense CE 2.6.0. The issue is a lack of rate limiting on user-creation functionality, which can allow an attacker to create multiple malicious users in the firewall. The available sources describe the vulnerable component and the root cause but do not provide explicit expl...
CVE-2023-3900
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'startsha' value on merge requests page may lead to Denial of Service as Changes tab would not load...
CVE-2023-5207
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...