88 matches found
Denial of service
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content...
UBUNTU-CVE-2023-6736
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content...
CVE-2023-6736
Removed by vendor...
CVE-2023-6736 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content...
GitLab Enterprise Edition Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab Enterprise Edition versions 11.3...
PT-2024-1688 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 16.6.7; GitLab EE versions 16.7 through 16.7.5; GitLab EE versions 16.8 through 16.8.2; GitLab EE versions 16.9 through 16.9.1. Description: The issue is related to the CODEOWNERS component of the GitLab platform,...
Cross-site request forgery (CSRF)
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...
UBUNTU-CVE-2023-4812
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...
CVE-2023-4812
CVE-2023-4812 describes an Incorrect Authorization issue in GitLab EE. Affected releases include all 15.3+ through 16.5.5, 16.6.0 through 16.6.3, and 16.7.0 through 16.7.1. The vulnerability allows bypassing the CODEOWNERS approval by adding changes to a previously approved merge request, potenti...
CVE-2023-4812 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the ability to bypas...
CVE-2023-4812
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...
PT-2024-1871 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.1 through 16.7.5; GitLab versions 16.8 through 16.8.2; GitLab versions 16.9 through 16.9.0. Description: The issue is related to insufficient access control in GitLab, allowing a remote attacker to bypass security restrictions...
GitLab 15.3 < 16.5.6 / 16.6 < 16.6.4 / 16.7 < 16.7.2 (CVE-2023-4812)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The...
Gitlab -- vulnerabilities
Gitlab reports: Account Takeover via Password Reset without user interactions; Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user; Bypass CODEOWNERS approval removal; Workspaces able to be created under different root namespace; Commit signature validation...
PT-2023-8247 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.3 through 16.5.6; GitLab EE versions 16.6 through 16.6.4; GitLab EE versions 16.7 through 16.7.2. Description: The issue is related to insufficient access control to the CODEOWNERS file in GitLab EE, allowing a remote...
Improper Access Control
GitLab is vulnerable to Improper Access Control. This vulnerability allows a malicious developer with limited permissions to remove CODEOWNERS rules from a protected branch and then merge their changes...