Lucene search
K

629 matches found

CVE
CVE
added 2025/03/27 12:30 p.m.81 views

CVE-2025-2242

CVE-2025-2242 describes an improper access-control vulnerability in GitLab CE/EE that lets a former instance admin, downgraded to a regular user, retain elevated privileges to groups and projects across GitLab versions 17.4 through 17.8.6, 17.9 through 17.9.3, and 17.10 through 17.10.1. The provi...

8.8CVSS7.3AI score0.00352EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.4 views

PT-2025-6519 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 through 17.6.4 GitLab CE/EE versions 17.7 through 17.7.3 GitLab CE/EE versions 17.8 through 17.8.1 Description: A denial of service vulnerability exists in GitLab CE/EE. An attacker can impact the availability of...

8.5CVSS6.7AI score0.00473EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2025/02/06 12:46 a.m.10 views

CVE-2022-3283

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used ...

7.5CVSS6.4AI score0.01349EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:49 p.m.16 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

9.8CVSS6.6AI score0.76177EPSS
Exploits3References1
NVD
NVD
added 2025/02/05 10:15 a.m.22 views

CVE-2023-6386

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation...

7.5CVSS0.00513EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:3 a.m.10 views

CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

8.7CVSS5.6AI score0.00512EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/09 6:2 a.m.16 views

CVE-2024-6324 Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...

4.3CVSS6.5AI score0.00692EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/12/12 12:2 p.m.19 views

CVE-2024-9367 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while parsing templates to generate...

4.3CVSS0.00465EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/12/12 11:30 a.m.14 views

CVE-2024-12292

Removed by vendor...

4CVSS5.8AI score0.00212EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.5 views

PT-2024-9581 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: An issue was discovered in GitLab CE/EE where the injection of Network Error Logging NEL headers in the...

8.7CVSS6.1AI score0.00463EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.5 views

PT-2024-9582 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue affects GitLab CE/EE and is related to an uncontrolled resource consumption. An attacker could...

7.8CVSS6.9AI score0.0075EPSS
Exploits1References16
NVD
NVD
added 2024/11/26 7:15 p.m.20 views

CVE-2024-8237

A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file...

7.5CVSS0.00611EPSS
Exploits0References2
OSV
OSV
added 2024/11/26 6:30 p.m.9 views

CVE-2024-11668 Insufficient Session Expiration in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

4.2CVSS6.7AI score0.00326EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.5 views

PT-2024-8872 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 Description: An issue was discovered in GitLab CE/EE that could cause Denial of Service via integrating a malicious...

7.5CVSS6.6AI score0.00571EPSS
Exploits0References14
NVD
NVD
added 2024/11/14 2:15 p.m.15 views

CVE-2024-9633

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

7.5CVSS0.00437EPSS
Exploits0References2
CVE
CVE
added 2024/11/14 1:2 p.m.90 views

CVE-2024-7404

GitLab CVE-2024-7404 affects GitLab CE/EE versions: 17.2–17.3.6, 17.4–17.4.3, and 17.5–17.5.1, where a flaw in the Device OAuth flow could allow an attacker with full API access as the victim. The vulnerability enables unauthorized API access via the victim’s session, with high confidentiality im...

6.8CVSS6.3AI score0.00538EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/14 1:2 p.m.20 views

CVE-2024-7404 Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow...

6.8CVSS6.5AI score0.00538EPSS
Exploits0References3
NVD
NVD
added 2024/11/14 11:15 a.m.21 views

CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

5.4CVSS0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/14 11:2 a.m.25 views

CVE-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

5.4CVSS0.0035EPSS
Exploits0References3
NVD
NVD
added 2024/10/24 10:15 a.m.12 views

CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file...

6.5CVSS0.00531EPSS
Exploits1References2
Rows per page
Query Builder