Input validation
CVE-2023-0921 Allocation of Resources Without Limits or Throttling in GitLab
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...
CVE-2023-2132
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted...
CVE-2023-2132
GitLab CE/EE versions affected by CVE-2023-2132 include 15.4–15.10.7, 15.11.0–15.11.6, and 16.0.0–16.0.1. The vulnerability arises from a DollarMathPostFilter Regular Expression Denial of Service in the preview_markdown endpoint, allowing crafted payloads to cause resource exhaustion. Affected co...
PT-2023-18096 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: An issue has been discovered in GitLab CE/EE, where a DollarMathPostFilter Regular Expression Denial...
CVE-2023-2132
Removed by vendor...
CVE-2023-0921
Removed by vendor...
Path traversal
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...
GitLab CE/EE Path Traversal Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
CVE-2023-2825
GitLab CE/EE 16.0.0 is affected by CVE-2023-2825 due to a directory/path traversal flaw that lets an unauthenticated attacker read arbitrary server files when an attachment exists in a public project nested within at least five groups. Root cause: insufficient path validation in the attachment ha...
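The entry above names insufficient path validation in the attachment handler as the root cause. The following is an added example, not GitLab's code, of the check such a handler needs: resolve the client-supplied relative path against a fixed root and refuse anything that escapes it. The root directory, the function name `resolve_attachment`, and the sample paths are assumptions for illustration; the framework is assumed to have already percent-decoded the path once.

```ruby
# Added example (not GitLab's code): lexical containment check for an
# attachment path. ATTACHMENT_ROOT is an assumed base directory.
ATTACHMENT_ROOT = "/var/opt/app/uploads"

# Returns the absolute on-disk path if `requested` stays inside `root`,
# nil otherwise. `requested` is assumed to be already percent-decoded
# by the web framework; decoding twice would reopen the hole.
def resolve_attachment(root, requested)
  return nil if requested.nil? || requested.empty?
  # NUL bytes, absolute paths and "~" (which File.expand_path would
  # turn into a home directory) are never legitimate attachment names.
  return nil if requested.include?("\0")
  return nil if requested.start_with?("/", "~")

  root_abs  = File.expand_path(root)
  # expand_path collapses "." and ".." components lexically, so a
  # sequence of "../" that climbs out of the root ends up outside it.
  candidate = File.expand_path(requested, root_abs)

  # The root itself is not an attachment; require a path strictly below it.
  return nil unless candidate.start_with?(root_abs + File::SEPARATOR)
  candidate
end

# Constructed inputs: two legitimate names, three traversal attempts.
if __FILE__ == $PROGRAM_NAME
  [
    "group1/group2/group3/group4/group5/project/uploads/abc/file.png",
    "a/../b.png",
    "../../etc/passwd",
    "/etc/passwd",
    "~/.ssh/id_rsa"
  ].each do |p|
    puts "#{p.inspect} => #{resolve_attachment(ATTACHMENT_ROOT, p).inspect}"
  end
end
```

This is a purely lexical check; on a real deployment follow it with `File.realpath` on the candidate (once the file is known to exist) and repeat the prefix test, so a symlink planted under the root cannot point outside it.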
Advantech EKI-15XX Series Command Injection / Buffer Overflow
CyberDanube Security Research 20230511-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series
vulnerable version| 1.21
fixed version| 1.24
CVE number| CVE-2023-2573,...
PT-2023-22432 · Webroot · Webroot Secureanywhere Endpoint Protection Ce
Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere Endpoint Protection CE versions 9.0.33.39 and earlier Description: An issue in Webroot SecureAnywhere Endpoint Protection CE allows a local attacker to access sensitive information via the EXE installer. Recommendations...
CVE-2023-2478
CVE-2023-2478 affects GitLab CE/EE, versions 15.4 up to but not including 15.9.7, 15.10 up to but not including 15.10.6, and 15.11 up to but not including 15.11.2. The root cause is a condition where a malicious, authorized GitLab user can use the GraphQL endpoint to attach a rogue runner to any ...
PT-2023-2917 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.9.6 GitLab CE/EE versions 15.10 through 15.10.5 GitLab CE/EE versions 15.11 through 15.11.1 Description: An issue has been discovered in GitLab CE/EE, where under certain conditions, a malicious...
FreeBSD : Gitlab -- Multiple Vulnerabilities (89fdbd85-ebd2-11ed-9c88-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89fdbd85-ebd2-11ed-9c88-001b217b3468 advisory. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7,...