629 matches found

UbuntuCve
added 2024/08/08 11:15 a.m. · 12 views

CVE-2024-5423

Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline...

CVSS 6.5 · AI score 5.7 · EPSS 0.00462
Exploits 0 · References 3

OSV
added 2024/08/08 10:31 a.m. · 14 views

CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVSS 6.8 · AI score 6.3 · EPSS 0.00355
Exploits 0 · References 5

Cvelist
added 2024/08/08 10:31 a.m. · 21 views

CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVSS 5.3 · EPSS 0.00301
Exploits 0 · References 2

Debian CVE
added 2024/08/08 10:31 a.m. · 15 views

CVE-2024-5423

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00462
Exploits 0

CVE
added 2024/08/08 10:30 a.m. · 185 views

CVE-2024-7554

CVE-2024-7554 affects GitLab CE/EE: all versions from 13.9 before 17.0.6, all 17.1 before 17.1.4, and all 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged via a specific API request pattern (confidentiality impact high; no integrity/availability impact reported). T...

CVSS 6.5 · AI score 5 · EPSS 0.00403
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/08/08 10:30 a.m. · 18 views

CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVSS 4.9 · AI score 6.5 · EPSS 0.00403
Exploits 0 · References 4

Debian CVE
added 2024/08/08 10:30 a.m. · 14 views

CVE-2024-7554

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00403
Exploits 0

OSV
added 2024/08/08 10:30 a.m. · 21 views

CVE-2024-7610 Uncontrolled Resource Consumption in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...

CVSS 4.3 · AI score 6.4 · EPSS 0.00448
Exploits 0 · References 4

UbuntuCve
added 2024/08/08 10:15 a.m. · 11 views

CVE-2024-4210

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files...

CVSS 6.5 · AI score 5.7 · EPSS 0.00503
Exploits 0 · References 3

Debian CVE
added 2024/08/08 10:2 a.m. · 18 views

CVE-2024-4210

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00503
Exploits 0

Positive Technologies
added 2024/08/07 12:0 a.m. · 5 views

PT-2024-5516 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 through 17.0.6; GitLab CE/EE versions 17.1 through 17.1.4; GitLab CE/EE versions 17.2 through 17.2.2. Description: An issue has been discovered in GitLab CE/EE where access tokens may have been logged when an API reque...

CVSS 6.8 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 14

NVD
added 2024/07/25 1:15 a.m. · 22 views

CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 · EPSS 0.00372
Exploits 0 · References 2

OSV
added 2024/07/25 12:30 a.m. · 19 views

CVE-2024-7057 Improper Access Control in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 · AI score 5.9 · EPSS 0.00372
Exploits 0 · References 5

OSV
added 2024/07/25 12:30 a.m. · 14 views

CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...

CVSS 7.7 · AI score 6.4 · EPSS 0.00322
Exploits 0 · References 4

CVE
added 2024/07/25 12:30 a.m. · 87 views

CVE-2024-7047

CVE-2024-7047 is a cross-site scripting vulnerability in GitLab CE/EE. Concrete details from multiple sources show the issue arises from improper neutralization/protection of input in web page generation, allowing an attacker to execute scripts in the context of the currently logged-in user. Affe...

CVSS 7.7 · AI score 7.2 · EPSS 0.00322
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/07/24 11:15 p.m. · 40 views

CVE-2024-0231

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...

CVSS 2.7 · EPSS 0.00329
Exploits 0 · References 2

Cvelist
added 2024/07/24 10:7 p.m. · 26 views

CVE-2024-7060 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export...

CVSS 2.6 · EPSS 0.00285
Exploits 0 · References 1

Debian CVE
added 2024/07/24 10:7 p.m. · 14 views

CVE-2024-7060

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00285
Exploits 0

Positive Technologies
added 2024/07/10 12:0 a.m. · 3 views

PT-2024-4667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6; GitLab CE/EE versions 17.0 through 17.0.4; GitLab CE/EE versions 17.1 through 17.1.2. Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another use...

CVSS 9.8 · AI score 6.7 · EPSS 0.06036
Exploits 0 · References 65

NVD
added 2024/07/09 2:15 p.m. · 23 views

CVE-2024-2177

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...

CVSS 6.8 · EPSS 0.00651
Exploits 1 · References 2