CVE-2023-3364
Removed by vendor...
CVE-2023-2200
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
CVE-2023-3444
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches...
CVE-2023-3424
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
CVE-2023-3363
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...
CVE-2023-2620
CVE-2023-2620 documents an issue in GitLab CE/EE where all versions from 15.1 before 15.11.10, from 16.0 before 16.0.6, and from 16.1 before 16.1.1 allow a maintainer to modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. The description indicates this is an incomplete fix f...
CVE-2023-2576
CVE-2023-2576: GitLab CODEOWNERS bypass. Affects GitLab CE/EE: all versions from 13.7 before 15.11.10; from 16.0 before 16.0.6; from 16.1 before 16.1.1 (so 16.0.5 and 16.1.0 are the last affected releases of those branches). Root cause: a developer could remove CODEOWNERS rules and merge to a protected branch. Impact stated as enabling modification/m...
CVE-2023-2576 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...
CVE-2023-3362
Summary: CVE-2023-3362 is an information disclosure in GitLab CE/EE. Affected software: GitLab Community Edition and Enterprise Edition, all versions from 16.0 prior to 16.0.6, and version 16.1.0. Root cause (as stated): Unauthenticated actors can access the import error information when a projec...
CVE-2023-3363
CVE-2023-3363 describes an information disclosure in GitLab CE/EE where Sidekiq logs could expose webhook tokens when the log format is set to default. Affected ranges are all versions from 13.6 before 15.11.10, from 16.0 before 16.0.6, and from 16.1 before 16.1.1. The root cause is related to...
CVE-2023-3444
GitLab CE/EE contains CVE-2023-3444, affecting all versions from 15.3 before 15.11.10, from 16.0 before 16.0.6, and from 16.1 before 16.1.1. The issue permits an attacker to merge arbitrary code into protected branches. Root cause and technical details beyond this description are not provided in the connected documents. No remediation or patch ...
CVE-2023-3424
GitLab CE/EE is affected by CVE-2023-3424 due to an inefficient regular expression in the preview_markdown endpoint, allowing a Regular Expression Denial of Service. Affected products and versions: GitLab CE/EE, all versions from 10.3 before 15.11.10, from 16.0 before 16.0.6, and from 16.1 before 16.1.1. The root cause is a ...
CVE-2023-2200
Removed by vendor...
CVE-2023-2190
CVE-2023-2190 affects GitLab CE/EE. Affected: all versions starting from 13.10 before 15.11.10; all versions from 16.0 before 16.0.6; all versions from 16.1 before 16.1.1. Description indicates a vulnerability where users may view new commits to private projects in a fork created while the projec...
CVE-2023-1936
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue...
CVE-2023-1936
GitLab CE/EE is affected by CVE-2023-1936: all versions from 13.7 before 15.11.10, from 16.0 before 16.0.6, and from 16.1 before 16.1.1 disclose the email address of the user who created a service desk issue. Root cause is a privacy-related information disclosure in service desk issue creation. Impact is leakage of private user email addresse...
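Every entry above states its affected versions as "from X before Y" ranges (plus one pinned release for CVE-2023-3362), and the upper bound of each range is exclusive: the versions that carry the fix are 15.11.10, 16.0.6 and 16.1.1. The example below is added here and is not GitLab's code or part of any advisory; it parses those clauses as written on this page and reports which of the listed CVEs apply to a given installed version. The advisory dictionary is constructed from the page text, and the regular expressions are this example's own assumption about the wording, not a GitLab format. The one caveat it exists to show is the comparison itself: release numbers must be compared as integer tuples, because as strings "15.11.9" sorts after "15.11.10".

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Sample input, constructed from the affected-version clauses quoted on this page.
# Only the range wording is kept; the rest of each description is not needed here.
ADVISORIES: Dict[str, str] = {
    "CVE-2023-2200": "all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1",
    "CVE-2023-3444": "all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1",
    "CVE-2023-3424": "all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1",
    "CVE-2023-2620": "all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1",
    "CVE-2023-3363": "all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1",
    "CVE-2023-2576": "all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1",
    "CVE-2023-3362": "all versions from 16.0 prior to 16.0.6, and version 16.1.0",
    "CVE-2023-2190": "all versions starting from 13.10 before 15.11.10; all versions from 16.0 before 16.0.6; all versions from 16.1 before 16.1.1",
    "CVE-2023-1936": "all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1",
}

# Assumed wording (this example's own, not a GitLab format):
# "from X before Y" / "from X prior to Y" means the half-open interval [X, Y).
RANGE_RE = re.compile(r"from\s+(\d+(?:\.\d+)*)\s+(?:before|prior\s+to)\s+(\d+(?:\.\d+)*)")
# A single pinned release such as "and version 16.1.0".
# "\bversion\s+" deliberately does not match the plural in "all versions from".
EXACT_RE = re.compile(r"\bversion\s+(\d+(?:\.\d+)+)")


def parse_version(text: str) -> Version:
    """Split a dotted release into integers so that 15.11.9 < 15.11.10.
    Comparing the raw strings would rank '15.11.9' *after* '15.11.10'."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_ranges(description: str) -> List[Tuple[Version, Version]]:
    """Every [lower, upper) range stated in one advisory sentence."""
    return [(parse_version(lo), parse_version(hi)) for lo, hi in RANGE_RE.findall(description)]


def parse_exact(description: str) -> List[Version]:
    """Pinned releases named individually in the sentence."""
    return [parse_version(v) for v in EXACT_RE.findall(description)]


def is_affected(installed: str, description: str) -> bool:
    """True when the installed release falls in any range or equals a pinned release."""
    v = parse_version(installed)
    if any(lo <= v < hi for lo, hi in parse_ranges(description)):
        return True
    return v in parse_exact(description)


def affected_cves(installed: str, advisories: Dict[str, str] = ADVISORIES) -> List[str]:
    """CVE identifiers from the table whose stated ranges cover the installed release."""
    return sorted(cve for cve, text in advisories.items() if is_affected(installed, text))


if __name__ == "__main__":
    # Releases straddling each fix boundary named on this page.
    for ver in ("15.11.9", "15.11.10", "16.0.5", "16.0.6", "16.1.0", "16.1.1"):
        print(ver, affected_cves(ver))
```

Run it against the version reported by your own instance (for example from the `/api/v4/version` endpoint or the admin area); a result of an empty list for 15.11.10, 16.0.6 or 16.1.1 is the expected outcome, and a non-empty list for anything older on the same branch is the upgrade signal. The exact-release clause is matched only on an identical tuple, so "16.1" and "16.1.0" are treated as different inputs; normalise to three components before calling if your inventory stores short forms.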