CVE-2023-4008
CVE-2023-4008 affects GitLab CE/EE: versions 15.9–16.0.7, 16.1.0–16.1.2, and 16.2.0–16.2.1 are vulnerable to takeover of GitLab Pages via known random domain strings. Root cause: a flaw allowing takeover of the unique-domain URL space. Impact is described as potential page takeover; fixed in GitLab release...
CVE-2023-4008 Incorrect Ownership Assignment in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE, which stems from a...
CVE-2023-2022
An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have...
CVE-2023-2022
CVE-2023-2022 affects GitLab CE/EE: versions before 16.0.8, 16.1 before 16.1.3, and 16.2 before 16.2.2 are vulnerable to a missing-authorization issue that allows developers to create pipeline schedules on protected branches without merge access. The root cause is not explicitly detailed in...
CVE-2023-3900
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'startsha' value on merge requests page may lead to Denial of Service as Changes tab would not load...
CVE-2023-3994
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'startsha' value on merge requests page may lead to Denial of Service as Changes tab would not load...
CVE-2023-3364
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
CVE-2023-3500
Removed by vendor...
CVE-2023-3900
Removed by vendor...
CVE-2023-3900
GitLab CE/EE versions affected: all 16.1 before 16.1.3 and all 16.2 before 16.2.2. Root cause: invalid start_sha value on the merge requests page may cause the Changes tab to fail to load, leading to Denial of Service (DoS). No exploitation details are provided in the sources. Remediation: upgrad...
CVE-2023-3900 Improper Validation of Specified Type of Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'startsha' value on merge requests page may lead to Denial of Service as Changes tab would not load...
CVE-2023-3994
GitLab CVE-2023-3994 affects GitLab CE/EE versions 9.3–16.0.7, 16.1.0–16.1.2, and 16.2.0–16.2.1, with a Regular Expression Denial of Service via crafted payloads targeting the preview_markdown endpoint (ProjectReferenceFilter). Root cause: inefficient regex processing leading to DoS. Impact: high...
CVE-2023-3994 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...
CVE-2023-3500
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to...
CVE-2023-3364
Removed by vendor...
CVE-2023-3364
GitLab CE/EE is affected by CVE-2023-3364: a Regular Expression Denial of Service via crafted payloads using AutolinkFilter to the preview_markdown endpoint. Affected versions start from 8.14 up to 16.0.7, 16.1.0–16.1.2, and 16.2.0–16.2.1; GitLab fixed in 16.0.8, 16.1.3, and 16.2.2 per advisory s...