
2483 matches found

OSV
added 2024/06/26 11:31 p.m. | 15 views

CVE-2024-3959 Improper Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user...

CVSS 6.5 | AI score 6.3 | EPSS 0.00427
Exploits: 0 | References: 5
CVE
added 2024/06/26 11:31 p.m. | 92 views

CVE-2024-4557

CVE-2024-4557 is an active GitLab DoS vulnerability affecting GitLab CE/EE. The issue enables resource exhaustion via the banzai pipeline in affected releases: GitLab 1.0–16.11.4, 17.0–17.0.2, and 17.1–17.1.0 (up to but not including fixed versions). Multiple connected sources describe the root c...

CVSS 6.5 | AI score 6.3 | EPSS 0.00533
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2024/06/26 11:31 p.m. | 28 views

CVE-2024-4557

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00533
Exploits: 0
CVE
added 2024/06/26 11:31 p.m. | 116 views

CVE-2024-4901

CVE-2024-4901 affects GitLab CE/EE: a stored XSS vulnerability that could be imported from a project with malicious commit notes. Root cause cited as improper neutralization of input during web page generation. Affected versions: GitLab 16.9–16.11.4, 17.0.0–17.0.2, and 17.1.0–17.1.0 (and similar ...

CVSS 8.7 | AI score 6.3 | EPSS 0.32784
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2024/06/26 11:31 p.m. | 20 views

CVE-2024-4901

Removed by vendor...

CVSS 8.7 | AI score 6 | EPSS 0.32784
Exploits: 0
OSV
added 2024/06/26 11:31 p.m. | 19 views

CVE-2024-4901 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes...

CVSS 8.7 | AI score 8 | EPSS 0.32784
Exploits: 0 | References: 5
Cvelist
added 2024/06/26 11:30 p.m. | 34 views

CVE-2024-5430 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL...

CVSS 6.8 | EPSS 0.00491
Exploits: 0 | References: 2
OSV
added 2024/06/26 11:30 p.m. | 19 views

CVE-2024-5430 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL...

CVSS 6.8 | AI score 6.3 | EPSS 0.00491
Exploits: 0 | References: 5
Debian CVE
added 2024/06/26 11:30 p.m. | 25 views

CVE-2024-5430

Removed by vendor...

CVSS 6.8 | AI score 5.8 | EPSS 0.00491
Exploits: 0
CNNVD
added 2024/06/26 12:0 a.m. | 3 views

GitLab Authorization Issues Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. An authorization issue vulnerability exists in GitLab CE/EE, which stems from...

CVSS 6.5 | AI score 7 | EPSS 0.00427
Exploits: 0 | References: 3
OSV
added 2024/06/20 12:0 a.m. | 16 views

OPENSUSE-SU-2024:14059-1 singularity-ce-4.1.3-1.1 on GA media

These are all security issues fixed in the singularity-ce-4.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 10 | AI score 7.6 | EPSS 0.17281
Exploits: 18 | References: 8
NVD
added 2024/06/12 11:15 p.m. | 21 views

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...

CVSS 6.5 | EPSS 0.00575
Exploits: 0 | References: 3
UbuntuCve
added 2024/06/12 11:15 p.m. | 21 views

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...

CVSS 6.5 | AI score 5.8 | EPSS 0.00575
Exploits: 0 | References: 4
Debian CVE
added 2024/06/12 11:2 p.m. | 14 views

CVE-2024-1963

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00575
Exploits: 0
OpenVAS
added 2024/06/12 12:0 a.m. | 23 views

Fedora: Security Advisory (FEDORA-2024-c95d3199c5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 | AI score 7.1 | EPSS 0.01956
Exploits: 0 | References: 4
Tenable Nessus
added 2024/06/12 12:0 a.m. | 17 views

Fedora 39 : singularity-ce (2024-c95d3199c5)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c95d3199c5 advisory. Bulk update of bundled Go dependencies. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.3 | AI score 7.1 | EPSS 0.01956
Exploits: 0 | References: 3
OSV
added 2024/05/29 7:32 a.m. | 325 views

BIT-GITLAB-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVSS 6.5 | AI score 5 | EPSS 0.00505
Exploits: 0 | References: 3
OSV
added 2024/05/24 12:44 p.m. | 9 views

CVE-2024-5318 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

CVSS 4 | AI score 5.3 | EPSS 0.00366
Exploits: 1 | References: 5
OSV
added 2024/05/24 7:29 a.m. | 277 views

BIT-GITLAB-2023-6682 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

CVSS 6.5 | AI score 6.2 | EPSS 0.00745
Exploits: 0 | References: 3
OSV
added 2024/05/24 7:22 a.m. | 280 views

BIT-GITLAB-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...

CVSS 6.5 | AI score 6.2 | EPSS 0.33301
Exploits: 0 | References: 3