2483 matches found
CVE-2024-6685
Removed by vendor...
BIT-GITLAB-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
BIT-GITLAB-2024-6678 Authentication Bypass by Spoofing in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...
BIT-GITLAB-2024-8124 Inefficient Regular Expression Complexity in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request...
BIT-GITLAB-2024-8641 Privilege Context Switching Error in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...
CVE-2024-6678
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...
CVE-2024-4472
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-4472
CVE-2024-4472 affects GitLab CE/EE; vulnerable versions include all from 16.5 up to 17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2, where dependency proxy credentials are retained in GraphQL logs. The issue’s root cause is credentials leakage in GraphQL log handling. Remediation is to apply the...
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-4472
Removed by vendor...
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-6678
GitLab CE/EE vulnerable in versions from 8.14 up to 17.1.7, from 17.2 up to 17.2.5, and from 17.3 up to 17.3.2. The issue allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. The affected components are GitLab pipelines; root cause details are not provided in...
CVE-2024-6678
Removed by vendor...
CVE-2024-6678 Authentication Bypass by Spoofing in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...
CVE-2024-8641 Privilege Context Switching Error in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...
CVE-2024-8641
GitLab CVE-2024-8641 affects GitLab CE/EE versions 13.7 to before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker who has a victim’s CI_JOB_TOKEN could obtain the victim’s GitLab session token, enabling session hijacking. Remediation is available in patched releases: upgrade to Gi...
CVE-2024-8754
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
CVE-2024-8124 Inefficient Regular Expression Complexity in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request...
CVE-2024-8124
GitLab CE/EE is affected in multiple tracked branches: versions from 16.4 up to 17.1.7, from 17.2 up to 17.2.5, and from 17.3 up to 17.3.2 are vulnerable to Denial of Service via a specific POST request. The issue has CVSS v3.1 base score 7.5 (HIGH) with network attack vector, low complexity, and...
PT-2024-6146 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.14 through 17.1.7 GitLab CE/EE versions 17.2 through 17.2.5 GitLab CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab CE/EE that allows an attacker to trigger a pipeline as an arbitrary...