470 matches found

Vulnrichment
added 2024/01/26 1:2 a.m. · 6 views

CVE-2024-0456 Direct Request ('Forced Browsing') in GitLab

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...

CVSS 4.3 · AI score 4.3 · EPSS 0.00159
Exploits 0 · References 2

Positive Technologies
added 2024/01/11 12:0 a.m. · 3 views

PT-2024-1046 · Mattermost +2 · Mattermost +3

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 16.5.6; GitLab CE/EE versions 16.6 through 16.6.4; GitLab CE/EE versions 16.7 through 16.7.2. Description: The issue is related to incorrect authorization checks in GitLab, allowing a user to abuse...

CVSS 8.8 · AI score 7.7 · EPSS 0.00066
Exploits 0 · References 38

Positive Technologies
added 2023/09/28 12:0 a.m. · 2 views

PT-2023-29496 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7; GitLab versions 16.3 through 16.3.4; GitLab versions 16.4 through 16.4.0. Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...

CVSS 4.3 · AI score 6.6 · EPSS 0.00044
Exploits 0 · References 12

Positive Technologies
added 2023/09/28 12:0 a.m. · 2 views

PT-2023-27107 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 10.6 through 16.2.8; GitLab versions 16.3 through 16.3.5; GitLab versions 16.4 through 16.4.1. Description: An issue has been discovered in GitLab where upstream members collaborating on a branch could get permission to write to...

CVSS 4.3 · AI score 6.6 · EPSS 0.0006
Exploits 0 · References 12

Positive Technologies
added 2023/09/01 12:0 a.m. · 2 views

PT-2023-23570 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.11 through 16.1.4; GitLab versions 16.2 through 16.2.4; GitLab versions 16.3 through 16.3.0. Description: An issue has been discovered in GitLab where an authenticated user could trigger a denial of service when importing or...

CVSS 6.5 · AI score 6.5 · EPSS 0.0116
Exploits 0 · References 11

Positive Technologies
added 2023/08/02 12:0 a.m. · 2 views

PT-2023-27166 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.3 through 16.0.7; GitLab CE/EE versions 16.1 through 16.1.2; GitLab CE/EE versions 16.2 through 16.2.1. Description: An issue has been discovered in GitLab CE/EE, where a Regular Expression Denial of Service was possible...

CVSS 7.5 · AI score 7.5 · EPSS 0.00299
Exploits 0 · References 10

Positive Technologies
added 2023/08/01 12:0 a.m. · 1 view

PT-2023-16412 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.0.7; GitLab versions 16.1 through 16.1.2; GitLab versions 16.2 through 16.2.1. Description: An issue has been discovered in GitLab, allowing a Regular Expression Denial of Service by using crafted payloads to sear...

CVSS 7.5 · AI score 6.7 · EPSS 0.00229
Exploits 0 · References 10

Positive Technologies
added 2023/08/01 12:0 a.m. · 3 views

PT-2023-18303

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 16.0.7; GitLab versions 16.1 through 16.1.2; GitLab versions 16.2 through 16.2.1. Description: An issue has been discovered in GitLab, allowing an attacker to trigger a stored XSS vulnerability via user interaction wit...

CVSS 5.4 · AI score 5.6 · EPSS 0.52173
Exploits 0 · References 11

Positive Technologies
added 2023/07/13 12:0 a.m. · 1 view

PT-2023-18360 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.14 through 15.11.10; GitLab CE/EE versions 16.0 through 16.0.6; GitLab CE/EE versions 16.1 through 16.1.1. Description: An issue has been discovered in GitLab CE/EE, which allows an attacker to inject HTML in an email...

CVSS 5.4 · AI score 6.4 · EPSS 0.01004
Exploits 0 · References 12

ATTACKERKB
added 2023/06/28 9:15 p.m. · 1 view

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 5.8 · EPSS 0.01961
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/06/28 12:0 a.m. · 1 view

PT-2023-18427 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.10 through 16.0. Description: An issue has been discovered in GitLab, leading to a ReDoS vulnerability in the Jira prefix. Recommendations: For GitLab versions 15.10 through 16.0, update to version 16.1 or later to resolve t...

CVSS 6.5 · AI score 6.2 · EPSS 0.01961
Exploits 1 · References 10

ATTACKERKB
added 2023/06/07 5:15 p.m. · 3 views

CVE-2023-2485

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...

CVSS 4.9 · AI score 5.8 · EPSS 0.00275
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/06/07 5:15 p.m. · 0 views

UBUNTU-CVE-2023-0121

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 7.5 · AI score 5.8 · EPSS 0.01327
Exploits 0 · References 3

OSV
added 2023/06/07 5:15 p.m. · 1 view

UBUNTU-CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 5.7 · EPSS 0.03964
Exploits 0 · References 3

Positive Technologies
added 2023/06/07 12:0 a.m. · 1 view

PT-2023-17409 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 1.2 through 15.10.7; GitLab CE/EE versions 15.11 through 15.11.6; GitLab CE/EE versions 16.0 through 16.0.1. Description: The issue allows someone to abuse a discrepancy between the Web application display and the git comma...

CVSS 4.3 · AI score 7 · EPSS 0.00365
Exploits 0 · References 12

Positive Technologies
added 2023/05/03 12:0 a.m. · 1 view

PT-2023-16848 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.9 through 15.9.6; GitLab versions 15.10 through 15.10.5; GitLab versions 15.11 through 15.11.1. Description: The issue allows a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab...

CVSS 5.4 · AI score 4.6 · EPSS 0.00211
Exploits 0 · References 12

OSV
added 2023/04/15 11:15 p.m. · 2 views

UBUNTU-CVE-2018-15472

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout...

CVSS 7.5 · AI score 7.1 · EPSS 0.0022
Exploits 0 · References 3

Positive Technologies
added 2023/04/15 12:0 a.m. · 3 views

PT-2023-10678 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7; GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4; GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1. Description: An issue was...

CVSS 7.5 · AI score 7.3 · EPSS 0.0022
Exploits 0 · References 10

OSV
added 2023/04/05 8:15 p.m. · 1 view

UBUNTU-CVE-2023-1733

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...

CVSS 7.5 · AI score 7.1 · EPSS 0.01671
Exploits 0 · References 2

Vulnrichment
added 2023/04/05 12:0 a.m. · 4 views

CVE-2023-1733

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...

CVSS 5.8 · AI score 6.2 · EPSS 0.01671
Exploits 0 · References 3