957 matches found

Vulnrichment
added 2024/06/26 11:31 p.m. · 16 views

CVE-2024-2191 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00432
Exploits: 0 · References: 2
CVE
added 2024/06/26 11:31 p.m. · 92 views

CVE-2024-4557

CVE-2024-4557 is an active GitLab DoS vulnerability affecting GitLab CE/EE. The issue enables resource exhaustion via the banzai pipeline in affected releases: GitLab 1.0–16.11.4, 17.0–17.0.2, and 17.1–17.1.0 (up to but not including fixed versions). Multiple connected sources describe the root c...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00533
Exploits: 0 · References: 2 · Affected Software: 1
Debian CVE
added 2024/06/26 11:31 p.m. · 28 views

CVE-2024-4557

Removed by vendor...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00533
Exploits: 0
Debian CVE
added 2024/06/26 11:30 p.m. · 25 views

CVE-2024-5430

Removed by vendor...

CVSS: 6.8 · AI score: 5.8 · EPSS: 0.00491
Exploits: 0
NVD
added 2024/06/12 11:15 p.m. · 21 views

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...

CVSS: 6.5 · EPSS: 0.00575
Exploits: 0 · References: 3
UbuntuCve
added 2024/06/12 11:15 p.m. · 21 views

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00575
Exploits: 0 · References: 4
OSV
added 2024/05/24 7:22 a.m. · 280 views

BIT-GITLAB-2024-2651 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...

CVSS: 6.5 · AI score: 6.2 · EPSS: 0.33301
Exploits: 0 · References: 3
UbuntuCve
added 2024/05/23 11:15 a.m. · 22 views

CVE-2023-6502

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVSS: 6.5 · AI score: 5.7 · EPSS: 0.00505
Exploits: 0 · References: 4
Cvelist
added 2024/05/23 11:2 a.m. · 24 views

CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVSS: 4.3 · AI score: 4.5 · EPSS: 0.00505
Exploits: 0 · References: 2
CVE
added 2024/05/23 11:2 a.m. · 568 views

CVE-2023-6502

Summary of CVE-2023-6502: A DoS vulnerability in GitLab CE/EE triggered by processing a crafted wiki page. Affected: GitLab Community Edition and Enterprise Edition, across all versions prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. Root cause and exact technical details are ...

CVSS: 6.5 · AI score: 6.1 · EPSS: 0.00505
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/05/23 11:2 a.m. · 170 views

CVE-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...

CVSS: 4.3 · AI score: 6.3 · EPSS: 0.00476
Exploits: 0 · References: 5
Debian CVE
added 2024/05/23 7:2 a.m. · 20 views

CVE-2024-2874

Removed by vendor...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00632
Exploits: 1
Debian CVE
added 2024/05/09 1:42 a.m. · 32 views

CVE-2023-6682

Removed by vendor...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00745
Exploits: 0
OSV
added 2024/05/09 1:38 a.m. · 16 views

CVE-2023-6688 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00745
Exploits: 0 · References: 5
Debian CVE
added 2024/05/09 1:38 a.m. · 28 views

CVE-2024-2454

Removed by vendor...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.33301
Exploits: 0
OSV
added 2024/05/09 1:38 a.m. · 19 views

CVE-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.33301
Exploits: 0 · References: 5
CVE
added 2024/05/09 1:38 a.m. · 394 views

CVE-2024-4539

GitLab CE/EE (versions 15.4–16.9.7, 16.10–16.10.5, 16.11–16.11.2) is affected by CVE-2024-4539 where abusing the API to filter branches and tags could cause a Denial of Service. Root cause: improper API filtering logic allows resource abuse. Impact: DoS with network access and low attacker privil...

CVSS: 6.5 · AI score: 6.2 · EPSS: 0.00768
Exploits: 0 · References: 1 · Affected Software: 1
Debian CVE
added 2024/05/09 1:38 a.m. · 32 views

CVE-2024-4539

Removed by vendor...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00768
Exploits: 0
Positive Technologies
added 2024/05/09 12:0 a.m. · 3 views

PT-2024-15048 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.9.7; GitLab CE/EE versions 16.10 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2. Description: The issue is related to a problem with the processing logic for Discord Integrations Chat Messages,...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00745
Exploits: 0 · References: 9
Positive Technologies
added 2024/05/09 12:0 a.m. · 3 views

PT-2024-20438 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 16.9.7; GitLab CE/EE versions 16.10 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2. Description: An issue has been discovered in GitLab CE/EE where the "pins endpoint" is susceptible to a Denial ...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.33301
Exploits: 0 · References: 10