629 matches found
CVE-2024-4539
GitLab CE/EE (versions 15.4–16.9.7, 16.10–16.10.5, 16.11–16.11.2) is affected by CVE-2024-4539 where abusing the API to filter branches and tags could cause a Denial of Service. Root cause: improper API filtering logic allows resource abuse. Impact: DoS with network access and low attacker privil...
PT-2024-20438 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 16.9.7 GitLab CE/EE versions 16.10 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 Description: An issue has been discovered in GitLab CE/EE where the "pins endpoint" is susceptible to a Denial ...
PT-2024-15048 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.9.7 GitLab CE/EE versions 16.10 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 Description: The issue is related to a problem with the processing logic for Discord Integrations Chat Messages,...
BIT-GITLAB-2024-2434 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read...
CVE-2024-2829
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service...
PT-2024-3105 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 prior to 16.9.6 GitLab CE/EE versions 16.10 prior to 16.10.4 GitLab CE/EE versions 16.11 prior to 16.11.1 Description: The issue is related to incorrect limitation of the path name to a directory with restricted...
BIT-GITLAB-2023-6489 Inefficient Regular Expression Complexity in GitLab
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature...
CVE-2023-6489
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature...
CVE-2024-2279
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowin...
CVE-2023-6371
Summary of CVE-2023-6371 (GitLab CE/EE): An issue in GitLab CE/EE where a wiki page with a crafted payload can cause a Stored XSS, allowing an attacker to perform arbitrary actions on behalf of victims. Affected versions: all versions before 16.8.5, all versions from 16.9 before 16.9.3, and all v...
GitLab CE/EE Password Reset
Exploit Title: GitLab CE/EE 16.7.2 - Password Reset Exploit Author: Sebastian Kriesten 0xB455 Twitter: https://twitter.com/0xB455 Date: 2024-01-12 Vendor Homepage: gitlab.com Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/...
BIT-GITLAB-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...
BIT-GITLAB-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...
BIT-GITLAB-2021-22242
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...
BIT-GITLAB-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...
BIT-GITLAB-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
BIT-GITLAB-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery SSRF attacks...
BIT-GITLAB-2021-39880
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...
BIT-GITLAB-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure...
BIT-GITLAB-2021-39934
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...