476 matches found

OSV
added 2023/04/15 11:15 p.m. · 2 views

UBUNTU-CVE-2018-15472

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout...

7.5 CVSS · 7.1 AI score · 0.0022 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/04/15 12:0 a.m. · 3 views

PT-2023-10678 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7 GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4 GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1 Description: An issue was...

7.5 CVSS · 7.3 AI score · 0.0022 EPSS
Exploits 0 · References 10
OSV
added 2023/04/05 8:15 p.m. · 1 view

UBUNTU-CVE-2023-1733

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...

7.5 CVSS · 7.1 AI score · 0.01671 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/05 12:0 a.m. · 2 views

PT-2023-16560 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.1 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue in GitLab allows a maintainer to modify a webhook URL, potentially leaking masked webhook secrets by adding a...

5.5 CVSS · 4.8 AI score · 0.00954 EPSS
Exploits 0 · References 14
Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-16970 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where it was possible for an unauthorized user to add child epics linked to a victim's epic in an unrelated group...

4.3 CVSS · 6.5 AI score · 0.00585 EPSS
Exploits 0 · References 12
Vulnrichment
added 2023/04/05 12:0 a.m. · 4 views

CVE-2023-1733

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...

5.8 CVSS · 6.2 AI score · 0.01671 EPSS
Exploits 0 · References 3
OSV
added 2023/03/09 10:15 p.m. · 1 view

UBUNTU-CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS · 5.9 AI score · 0.56506 EPSS
Exploits 0 · References 5
OSV
added 2023/03/09 8:15 p.m. · 0 views

UBUNTU-CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

5.5 CVSS · 5.7 AI score · 0.00419 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/03/09 12:0 a.m. · 2 views

PT-2023-16737 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.0 through 15.7.7 GitLab versions 15.8 through 15.8.3 GitLab versions 15.9 through 15.9.1 Description: An issue in GitLab allows for a resource depletion attack due to improper filtering of the number of requests to read comm...

5.3 CVSS · 4.8 AI score · 0.00363 EPSS
Exploits 0 · References 10
Positive Technologies
added 2023/03/04 12:0 a.m. · 2 views

PT-2023-2220 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by...

5.5 CVSS · 4.5 AI score · 0.00419 EPSS
Exploits 0 · References 13
SUSE CVE
added 2023/02/15 4:24 a.m. · 1 view

SUSE CVE-2018-15472

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout...

7.5 CVSS · 7.5 AI score · 0.0022 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:7 a.m. · 2 views

SUSE CVE-2019-18453

An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions...

4.3 CVSS · 4.8 AI score · 0.00066 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:7 a.m. · 2 views

SUSE CVE-2019-18462

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions...

4.3 CVSS · 4.8 AI score · 0.00071 EPSS
Exploits 0 · References 3
OSV
added 2023/01/26 9:15 p.m. · 0 views

UBUNTU-CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS · 5.8 AI score · 0.00116 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/01/24 12:0 a.m. · 3 views

PT-2023-13824 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 15.4.5 GitLab versions 15.5 through 15.5.4 GitLab versions 15.6 through 15.6.0 Description: An issue has been discovered in GitLab where a project maintainer could leak a webhook secret token by changing the webhoo...

5.5 CVSS · 5 AI score · 0.00229 EPSS
Exploits 1 · References 11
Positive Technologies
added 2023/01/12 12:0 a.m. · 3 views

PT-2023-13448 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 Description: The issue arises from inadequate filtering of query parameters on the wiki changes page, allowing an...

5.4 CVSS · 9.7 AI score · 0.01246 EPSS
Exploits 0 · References 15
Positive Technologies
added 2022/11/09 12:0 a.m. · 2 views

PT-2022-21522 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.0 through 15.2.5 GitLab versions 15.3 through 15.3.4 GitLab versions 15.4 through 15.4.1 Description: The issue allows an unauthorized attacker to bypass the healthcheck endpoint allow list, preventing access to GitLab. Thi...

7.5 CVSS · 7.4 AI score · 0.00255 EPSS
Exploits 0 · References 11
Vulnrichment
added 2022/11/09 12:0 a.m. · 6 views

CVE-2022-3285

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab...

5.3 CVSS · 6.5 AI score · 0.00255 EPSS
Exploits 0 · References 2
OSV
added 2022/10/17 4:15 p.m. · 1 view

UBUNTU-CVE-2022-3067

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...

6.5 CVSS · 6.7 AI score · 0.00231 EPSS
Exploits 0 · References 2
OSV
added 2022/10/17 4:15 p.m. · 0 views

UBUNTU-CVE-2022-2630

An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events...

4.3 CVSS · 5.8 AI score · 0.00268 EPSS
Exploits 0 · References 3