CVE-2024-8648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...

CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVE-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

PT-2024-16571 · WordPress · Code Embed

Name of the Vulnerable Software and Affected Versions: Code Embed plugin for WordPress versions up to 2.5 Description: The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery via the ce get file function. This makes it possible for authenticated attackers, with...

CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file...

CVE-2024-6826 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file...

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVE-2024-8312

CVE-2024-8312 affects GitLab CE/EE versions 15.10–17.3.5, 17.4–17.4.2, and 17.5–17.5.0, where an attacker can inject HTML into the Global Search field in a diff view, causing cross-site scripting (XSS). Root cause: improper input handling in the Global Search/diff view; impact: potential disclosu...

CVE-2024-8312

Removed by vendor...

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

PT-2024-9136 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to inject HTML into the Glob...

CVE-2024-8970

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances...

CVE-2024-8970

GitLab CE/EE vulnerable in multiple versions (11.6–17.2.9, 17.3–17.3.5, 17.4–17.4.2) where an attacker could trigger a pipeline as another user under certain conditions. Affected projects include GitLab CE/EE; the issue is addressed in updated releases. Public references point to GitLab issues an...

CVE-2024-9623

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...

CVE-2024-9623 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...

PT-2024-10154 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue is related to an open redirect vulnerability in a GitLab CE/EE API endpoint. This could allow...

PT-2024-10155 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: An issue exists in GitLab CE/EE that allows a remote attacker to cause uncontrolled CPU consumption,...

BIT-GITLAB-2024-6685 Authorization Bypass Through User-Controlled Key in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...

CVE-2024-6685

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...