Lucene search
K

76 matches found

UbuntuCve
UbuntuCve
added 2025/01/08 8:15 p.m.9 views

CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

6.5CVSS5.9AI score0.0047EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/25 3:15 p.m.7 views

CVE-2023-5117

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...

3.7CVSS5.9AI score0.00302EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/12/16 5:15 a.m.13 views

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS5.9AI score0.00435EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.15 views

CVE-2024-12292

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...

4CVSS5.8AI score0.00216EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.18 views

CVE-2024-10043

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

3.1CVSS5.8AI score0.00445EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.21 views

CVE-2024-8233

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...

7.5CVSS5.8AI score0.00765EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.14 views

CVE-2024-9367

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while parsing templates to generate...

4.3CVSS5.9AI score0.00475EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.7 views

CVE-2024-8647

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled...

5.4CVSS5.9AI score0.00423EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/11/26 8:15 p.m.9 views

CVE-2024-10240

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...

5.3CVSS5.7AI score0.00543EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/26 7:15 p.m.11 views

CVE-2024-8237

A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file...

7.5CVSS5.7AI score0.00611EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/26 7:15 p.m.9 views

CVE-2024-8177

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry...

7.5CVSS5.9AI score0.00571EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/26 7:15 p.m.7 views

CVE-2024-11828

A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

7.5CVSS5.9AI score0.00583EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/14 1:15 p.m.6 views

CVE-2024-8648

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...

6.1CVSS5.8AI score0.00364EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/10/24 10:15 a.m.19 views

CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

8.7CVSS5.8AI score0.00472EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/10/24 10:15 a.m.9 views

CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file...

6.5CVSS5.7AI score0.00531EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/10/11 1:15 p.m.10 views

CVE-2024-9164

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches...

9.6CVSS7.4AI score0.00911EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/10/11 1:15 p.m.12 views

CVE-2024-5005

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API...

4.3CVSS5.8AI score0.00373EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/10/10 10:15 a.m.10 views

CVE-2024-9623

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...

6.5CVSS5.9AI score0.0033EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/09/16 10:15 p.m.9 views

CVE-2024-4283

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/09/12 7:15 p.m.8 views

CVE-2024-4472

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...

5.5CVSS5.9AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder