957 matches found

Debian CVE
added 2024/08/08 10:30 a.m. · 14 views

CVE-2024-7554

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00403
Exploits: 0

OSV
added 2024/08/08 10:30 a.m. · 21 views

CVE-2024-7610 Uncontrolled Resource Consumption in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...

CVSS 4.3 · AI score 6.4 · EPSS 0.00448
Exploits: 0 · References: 4

UbuntuCve
added 2024/08/08 10:15 a.m. · 11 views

CVE-2024-4210

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files...

CVSS 6.5 · AI score 5.7 · EPSS 0.00503
Exploits: 0 · References: 3

Debian CVE
added 2024/08/08 10:2 a.m. · 18 views

CVE-2024-4210

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00503
Exploits: 0

Positive Technologies
added 2024/08/07 12:0 a.m. · 4 views

PT-2024-5516 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 through 17.0.6; GitLab CE/EE versions 17.1 through 17.1.4; GitLab CE/EE versions 17.2 through 17.2.2. Description: An issue has been discovered in GitLab CE/EE where access tokens may have been logged when an API reque...

CVSS 6.8 · AI score 6.7 · EPSS 0.00403
Exploits: 0 · References: 14

NVD
added 2024/07/25 1:15 a.m. · 22 views

CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 · EPSS 0.00372
Exploits: 0 · References: 2

Debian CVE
added 2024/07/25 12:30 a.m. · 14 views

CVE-2024-7057

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00372
Exploits: 0

OSV
added 2024/07/25 12:30 a.m. · 18 views

CVE-2024-7057 Improper Access Control in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 · AI score 5.9 · EPSS 0.00372
Exploits: 0 · References: 5

CVE
added 2024/07/25 12:30 a.m. · 84 views

CVE-2024-7047

CVE-2024-7047 is a cross-site scripting vulnerability in GitLab CE/EE. Concrete details from multiple sources show the issue arises from improper neutralization/protection of input in web page generation, allowing an attacker to execute scripts in the context of the currently logged-in user. Affe...

CVSS 7.7 · AI score 7.2 · EPSS 0.00322
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/07/25 12:30 a.m. · 13 views

CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...

CVSS 7.7 · AI score 6.4 · EPSS 0.00322
Exploits: 0 · References: 4

NVD
added 2024/07/24 11:15 p.m. · 40 views

CVE-2024-0231

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...

CVSS 2.7 · EPSS 0.00329
Exploits: 0 · References: 2

Cvelist
added 2024/07/24 10:7 p.m. · 26 views

CVE-2024-7060 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export...

CVSS 2.6 · EPSS 0.00285
Exploits: 0 · References: 1

Debian CVE
added 2024/07/24 10:7 p.m. · 13 views

CVE-2024-7060

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00285
Exploits: 0

Positive Technologies
added 2024/07/10 12:0 a.m. · 3 views

PT-2024-4667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6; GitLab CE/EE versions 17.0 through 17.0.4; GitLab CE/EE versions 17.1 through 17.1.2. Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another use...

CVSS 9.8 · AI score 6.7 · EPSS 0.06036
Exploits: 0 · References: 65

NVD
added 2024/07/09 2:15 p.m. · 21 views

CVE-2024-2177

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...

CVSS 6.8 · EPSS 0.00651
Exploits: 1 · References: 2

OSV
added 2024/07/09 1:30 p.m. · 18 views

CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...

CVSS 6.8 · AI score 6.6 · EPSS 0.00651
Exploits: 1 · References: 5

NVD
added 2024/06/27 12:15 a.m. · 25 views

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS 6.5 · EPSS 0.0049
Exploits: 0 · References: 2

UbuntuCve
added 2024/06/27 12:15 a.m. · 25 views

CVE-2024-5655

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances...

CVSS 9.6 · AI score 6.1 · EPSS 0.07468
Exploits: 0 · References: 3

UbuntuCve
added 2024/06/27 12:15 a.m. · 20 views

CVE-2024-2191

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only...

CVSS 5.3 · AI score 5.9 · EPSS 0.00432
Exploits: 0 · References: 3

UbuntuCve
added 2024/06/27 12:15 a.m. · 20 views

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes...

CVSS 8.7 · AI score 6.1 · EPSS 0.32784
Exploits: 0 · References: 3