BIT-GITLAB-2024-2651 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...

BIT-GITLAB-2024-4539 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

CVE-2023-6502

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVE-2023-6502

Summary of CVE-2023-6502: A DoS vulnerability in GitLab CE/EE triggered by processing a crafted wiki page. Affected: GitLab Community Edition and Enterprise Edition, across all versions prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. Root cause and exact technical details are ...

CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVE-2023-7045

Removed by vendor...

CVE-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab

A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...

CVE-2024-2874

Removed by vendor...

GitLab 12.3 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13272)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow CVE-2020-13272 Note that Nessus has not tested for this issue but...

GitLab 12.8 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13267)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 CVE-2020-13267 Note that Nessus has not...

PT-2024-12005 · German Mesky · Gmace

Name of the Vulnerable Software and Affected Versions: GMAce versions 1.5.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows Path Traversal in German Mesky GMAce...

CVE-2024-4539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

CVE-2024-4539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

CVE-2023-6682

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

CE Phoenix Version 1.0.8.20 - Stored XSS Vulnerability

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

CE Phoenix Version 1.0.8.20 - Stored XSS

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

CVE-2023-6682 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

CVE-2023-6682

Removed by vendor...

CVE-2023-6688

CVE-2023-6688 – GitLab CE/EE (16.11.x) affected versions: 16.11 up to but not including 16.11.2. Root cause: processing logic for Google Chat Messages integration allows a regular expression DoS on the server. Impact: availability impact is reported as HIGH; confidentiality/integrity remain NONE....