CVE-2023-5207
Affected software: GitLab CE/EE. Vulnerability summary: An authenticated attacker could perform arbitrary pipeline execution under the context of another user. Affected versions include GitLab 16.0 and later up to but not including 16.2.8, 16.3 up to but not including 16.3.5, and 16.4 up to but n...
CVE-2023-0989 Improper Ownership Management in GitLab
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user into visiting a fork with a malicious CI/CD configuration...
CVE-2023-2233
Removed by vendor...
CVE-2023-2233
CVE-2023-2233 – GitLab CE/EE is affected by an improper authorization issue that could allow a project reporter to leak the owner’s Sentry instance projects. Affected versions include 11.8–16.2.8, 16.3–16.3.5, and 16.4–16.4.1. The available documents indicate the root cause as improper authorizat...
CVE-2023-3917
Removed by vendor...
GitLab 11.8 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-2233)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting fro...
Advantech EKI-1524-CE series
1. EXECUTIVE SUMMARY: CVSS v3 5.4; ATTENTION: Exploitable remotely/low attack complexity/public exploits are available; Vendor: Advantech; Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE; Vulnerabilities: Cross-Site Scripting. 2. RISK EVALUATION: Successful exploitation of these...
CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
CVE-2023-4378 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
CVE-2023-4378
GitLab CVE-2023-4378 affects GitLab CE/EE versions: 11.8–16.1.4, 16.2.0–16.2.4, and 16.3.0–16.3.0 (i.e., before 16.1.5, 16.2.5, and 16.3.1 respectively). The issue enables a Maintainer to leak the Sentry token by altering the Sentry error-tracking URL, stemming from an incomplete fix for CVE-2022...
The vulnerability of the CMD_W_REG command processor in the CE_A protocol implementation of the CE805M data collection and transmission device allows a perpetrator to modify parameters so that commands of the operating system are executed during automatic updates of the application software.
The vulnerability of the CMD_W_REG command processor in the CE_A protocol implementation of the CE805M device for data collection and transmission is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to modify parameters so that system commands are executed...
The vulnerability of the CE_A protocol implementation in the data collection and transmission device CE805M allows a hacker to modify the equipment settings.
The vulnerability of the CE_A protocol implementation in the data collection and transmission device CE805M is related to an undocumented user account called SUPERVISOR. Exploiting this vulnerability could allow a malicious actor to remotely alter the equipment's settings...
CVE-2023-3994
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
CVE-2023-3500
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to...
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
St. Pölten UAS advisory. Title: Multiple XSS in Advantech; Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series; Vulnerable version: =1.21 (CVE-2023-4202), =1.24 (CVE-2023-4203); Fixed version: 1.26; CVE number: ...
Permission Bypass
GitLab CE/EE is vulnerable to Permission Bypass. The vulnerability is due to insecure authorization: a low-privileged authenticated user can create a project with unlimited size by setting "repository_size_limit": 0 in the project import YAML file...
CVE-2023-4008
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known...
CVE-2023-4008
Removed by vendor...