Lucene search
K

18 matches found

EUVD
EUVD
added 2026/02/25 9:31 p.m.6 views

EUVD-2026-8723

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint...

5.3CVSS5.4AI score0.0035EPSS
Exploits0References4
NVD
NVD
added 2026/02/25 9:16 p.m.10 views

CVE-2026-1725

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint...

7.5CVSS0.0035EPSS
Exploits0References3
OSV
OSV
added 2026/02/25 9:16 p.m.9 views

UBUNTU-CVE-2026-1725

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References5
CVE
CVE
added 2026/02/25 8:4 p.m.40 views

CVE-2026-1725

GitLab CE/EE versions 18.9 prior to 18.9.1 were remediated for a Denial of Service condition triggered by unauthenticated requests to the CI jobs API endpoint. Affected product: GitLab CE/EE. Vulnerability: allowing DoS under certain conditions via specially crafted CI jobs API calls. Root cause ...

7.5CVSS5.4AI score0.0035EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/25 8:4 p.m.21 views

CVE-2026-1725 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint...

5.3CVSS0.0035EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24731

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00945EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:16 a.m.23 views

BIT-GITLAB-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS4.1AI score0.00945EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/23 8:33 a.m.16 views

Improper Access Control

gitlab is vulnerable to Improper Access Control. The vulnerability allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS6.8AI score0.00945EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/05 12:0 a.m.37 views

FreeBSD : Gitlab -- Multiple vulnerabilities (16f7ec68-5cce-11ed-9be7-454b1dd82c64)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 16f7ec68-5cce-11ed-9be7-454b1dd82c64 advisory. - Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS wit...

9CVSS6.2AI score0.86326EPSS
Exploits2References15
FreeBSD
FreeBSD
added 2022/11/02 12:0 a.m.44 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...

9CVSS0.7AI score0.86326EPSS
Exploits2References1
Hacker One
Hacker One
added 2022/05/24 10:29 a.m.20 views

GitLab: XSS: `v-safe-html` is not safe enough

v-safe-html directive uses Dompurify to remove data-remote', 'data-url', 'data-type', 'data-method' attributes from HTML tags. Rails-js relies on another attribute, data-disable-with to show a HTML content when an user clicks on a disabled link. For example, the following text will bypass the...

0.1AI score
Exploits0
NVD
NVD
added 2022/05/10 9:15 p.m.19 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS0.00945EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/05/10 9:15 p.m.47 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS5.8AI score0.00945EPSS
Exploits0References4
Prion
Prion
added 2022/05/10 9:15 p.m.16 views

Improper access control

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4CVSS4.3AI score0.00945EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/05/10 8:30 p.m.19 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS4.6AI score0.00945EPSS
Exploits0References3
OSV
OSV
added 2022/05/10 8:30 p.m.16 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS6.4AI score0.00945EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/05/10 8:30 p.m.32 views

CVE-2022-1417

Removed by vendor...

4.3CVSS5.8AI score0.00945EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/05/10 12:0 a.m.1 views

PT-2022-13872 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 through 14.8.6 GitLab CE/EE versions 14.9 through 14.9.4 GitLab CE/EE versions 14.10 through 14.10.1 Description: The issue is related to improper access control in GitLab CE/EE, allowing non-project members to acce...

4.3CVSS4AI score0.00945EPSS
Exploits0References7
Rows per page
Query Builder