70 matches found

OSV
added 2026/06/12 9:5 a.m., 7 views

BIT-GITLAB-2026-9204 Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

6.5 CVSS, 5.5 AI score, 0.00341 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/06/12 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-9204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

6.5 CVSS, 5.7 AI score, 0.00341 EPSS
Exploits 0, References 2
NVD
added 2026/06/11 12:16 p.m., 11 views

CVE-2026-9204

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

6.5 CVSS, 0.00341 EPSS
Exploits 0, References 2
OSV
added 2026/06/11 12:16 p.m., 2 views

UBUNTU-CVE-2026-9204

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

6.5 CVSS, 5.5 AI score, 0.00341 EPSS
Exploits 0, References 4
Cvelist
added 2026/06/11 10:19 a.m., 26 views

CVE-2026-9204 Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

5.3 CVSS, 0.00341 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/06/11 10:19 a.m., 8 views

CVE-2026-9204 Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

5.3 CVSS, 5.6 AI score, 0.00341 EPSS
Exploits 0, References 2
EUVD
added 2026/06/11 10:19 a.m., 8 views

EUVD-2026-36225

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...

6.5 CVSS, 5.6 AI score, 0.00341 EPSS
Exploits 0, References 2
CVE
added 2026/06/11 10:19 a.m., 26 views

CVE-2026-9204

CVE-2026-9204 describes a Server-Side Request Forgery (SSRF) in GitLab CE/EE where an authenticated user could read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs. Affected versions: 18.10 bef...

6.5 CVSS, 5.6 AI score, 0.00341 EPSS
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/06/11 12:0 a.m., 10 views

PT-2026-48656

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where insufficient validation of secondary URLs could allow an authenticated user to...

6.5 CVSS, 5.4 AI score, 0.00341 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/06/11 12:0 a.m., 8 views

GitLab 18.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-9204)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

6.5 CVSS, 5.6 AI score, 0.00341 EPSS
Exploits 0, References 4
CNNVD
added 2026/06/11 12:0 a.m., 10 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) code issue vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were code vulnerabilities in versions prior to 18.10 through 18.10.8...

6.5 CVSS, 5.6 AI score, 0.00341 EPSS
Exploits 0, References 1
FreeBSD
added 2026/06/11 12:0 a.m., 5 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Group SAML Identity API impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Denial of Service issue in Grape API JSON parsing middleware impacts GitLab CE/EE HTML injection issue in certain group setting fields...

8.7 CVSS, 5.4 AI score, 0.00635 EPSS
Exploits 0, References 1
Chainguard
added 2026/05/12 7:19 a.m., 5 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom,...

5.8 AI score
Exploits 0
Chainguard
added 2026/05/12 7:19 a.m., 31 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom,...

7.5 CVSS, 5.8 AI score, 0.00147 EPSS
Exploits 0
Wolfi
added 2026/05/09 7:48 a.m., 17 views

GHSA-H74G-238J-357M vulnerabilities

Vulnerabilities for packages: juicefs, knative-serving, telegraf, cert-manager, prometheus-operator, runc, redka, external-secrets-operator, prometheus, karma, cilium, falco-no-driver, dask-gateway, hubble, kyverno, kubo, argo-cd, coredns, kaf, kube-fluentd-operator, rancher-agent, helm,...

5.8 AI score
Exploits 0
Wolfi
added 2026/05/09 7:48 a.m., 12 views

CVE-2026-39825 vulnerabilities

Vulnerabilities for packages: juicefs, knative-serving, telegraf, cert-manager, prometheus-operator, runc, redka, external-secrets-operator, prometheus, karma, cilium, falco-no-driver, dask-gateway, hubble, kyverno, kubo, argo-cd, coredns, kaf, kube-fluentd-operator, rancher-agent, helm,...

5.3 CVSS, 5.8 AI score, 0.0039 EPSS
Exploits 0
Chainguard
added 2026/05/09 7:17 a.m., 7 views

GHSA-H74G-238J-357M vulnerabilities

Vulnerabilities for packages: knative-net-istio-fips, coder-fips, reports-server, datadog-agent, loki, aws-flb-firehose-fips, azurefile-csi-fips, runc, dapr, grafana, knative-serving-fips, aactl, elastic-agent, kaf, kube-state-metrics, external-dns, flux-fips, rclone-fips, kube-rbac-proxy-fips,...

5.8 AI score
Exploits 0
Chainguard
added 2026/05/09 7:17 a.m., 13 views

CVE-2026-39825 vulnerabilities

Vulnerabilities for packages: knative-net-istio-fips, coder-fips, reports-server, datadog-agent, loki, aws-flb-firehose-fips, azurefile-csi-fips, runc, dapr, grafana, knative-serving-fips, aactl, elastic-agent, kaf, kube-state-metrics, external-dns, flux-fips, rclone-fips, kube-rbac-proxy-fips,...

5.3 CVSS, 5.8 AI score, 0.0039 EPSS
Exploits 0
Chainguard
added 2026/05/09 7:17 a.m., 10 views

CVE-2026-42499 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, knative-net-istio-fips, datadog-agent, gatus-fips, crossplane-provider-aws-guardduty, crossplane-provider-aws-secretsmanager-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-cloudwatchevents-fips,...

7.5 CVSS, 5.8 AI score, 0.00577 EPSS
Exploits 0
Chainguard
added 2026/05/09 7:17 a.m., 11 views

CVE-2026-39820 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, knative-net-istio-fips, datadog-agent, gatus-fips, crossplane-provider-aws-guardduty, crossplane-provider-aws-secretsmanager-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-cloudwatchevents-fips,...

7.5 CVSS, 5.8 AI score, 0.00369 EPSS
Exploits 0