Lucene search
K

84 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.25 views

GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private...

7.5CVSS5.9AI score0.00521EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/25 11:2 a.m.207 views

CVE-2024-2434 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read...

8.5CVSS8.4AI score0.22889EPSS
Exploits1References2
OSV
OSV
added 2024/03/06 11:19 a.m.33 views

BIT-GITLAB-2021-22226

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...

6.5CVSS6.2AI score0.00922EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.5 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility of...

3.1CVSS6.9AI score0.00385EPSS
Exploits0References2
Veracode
Veracode
added 2023/08/06 9:2 p.m.27 views

Improper Authorization

gitlab is vulnerable to Improper Authorization. The vulnerability exists because of not verifying proper access rights to import members from a target project which allows an attacker to perform unauthorized actions...

4.3CVSS6.7AI score0.00949EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/05/03 10:15 p.m.20 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

3.5CVSS5.7AI score0.00894EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/15 12:0 a.m.9 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

6AI score0.00621EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.27 views

GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 DoS (CVE-2022-3514)

The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by a denial of service vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions...

5.3CVSS5.6AI score0.00842EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.5 views

CVE-2022-3330

It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...

4.3CVSS6.6AI score0.00536EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.4 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS6.8AI score0.00895EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/07/07 12:0 a.m.76 views

GitLab 14.0 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2185)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to impo...

9.9CVSS8.3AI score0.76884EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/10/05 1:15 p.m.25 views

CVE-2021-39893

A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation...

7.5CVSS7.1AI score0.01093EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/10/05 12:28 p.m.26 views

CVE-2021-39875

Removed by vendor...

5.3CVSS6AI score0.01134EPSS
Exploits0
NVD
NVD
added 2020/10/02 8:15 p.m.31 views

CVE-2020-13338

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references...

5.4CVSS0.007EPSS
Exploits1References2
CNVD
CNVD
added 2020/06/22 12:0 a.m.10 views

GitLab Resource Management Error Vulnerability (CNVD-2021-19408)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab 13.0.1 and...

7.5CVSS6.3AI score0.01149EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/03/13 5:3 p.m.24 views

CVE-2020-10076

Removed by vendor...

6.1CVSS6.4AI score0.00691EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/03/13 4:44 p.m.24 views

CVE-2020-10085

Removed by vendor...

5.3CVSS6AI score0.00929EPSS
Exploits0
Prion
Prion
added 2020/03/06 6:15 p.m.25 views

Improper access control

GitLab 10.7 and later through 12.7.2 has Incorrect Access Control...

7.5CVSS9.4AI score0.01383EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/02/14 10:15 p.m.32 views

CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4.3CVSS5.9AI score0.00815EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/14 9:27 p.m.25 views

CVE-2019-15592

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline...

4.4AI score0.01035EPSS
Exploits0References2
Rows per page
Query Builder