629 matches found
CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
CVE-2024-1493
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...
CVE-2024-2191
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only...
CVE-2024-5655
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances...
CVE-2024-2191 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only...
CVE-2024-4557
CVE-2024-4557 is an active GitLab DoS vulnerability affecting GitLab CE/EE. The issue enables resource exhaustion via the banzai pipeline in affected releases: GitLab 1.0–16.11.4, 17.0–17.0.2, and 17.1–17.1.0 (up to but not including fixed versions). Multiple connected sources describe the root c...
CVE-2024-4557
Removed by vendor...
CVE-2024-5430
Removed by vendor...
CVE-2024-1495
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...
CVE-2024-1495
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...
BIT-GITLAB-2024-2651 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...
CVE-2023-6502
A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...
CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab
A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...
CVE-2023-6502
Summary of CVE-2023-6502: A DoS vulnerability in GitLab CE/EE triggered by processing a crafted wiki page. Affected: GitLab Community Edition and Enterprise Edition, across all versions prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. Root cause and exact technical details are ...
CVE-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...
CVE-2024-2874
Removed by vendor...
CVE-2023-6682
Removed by vendor...
CVE-2023-6688 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...
CVE-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...
CVE-2024-2454
Removed by vendor...