629 matches found

Source: OSV (added 2024/03/06 11:17 a.m.)

BIT-GITLAB-2021-39936

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki...

CVSS 4.3 | AI score 4.4 | EPSS 0.01025 | Exploits 0 | References 4

Source: OSV (added 2024/03/06 11:17 a.m.)

BIT-GITLAB-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

CVSS 6.5 | AI score 6.3 | EPSS 0.00892 | Exploits 0 | References 3

Source: OSV (added 2024/03/06 11:16 a.m.)

BIT-GITLAB-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from...

CVSS 4.3 | AI score 4.5 | EPSS 0.00969 | Exploits 0 | References 4

Source: OSV (added 2024/03/06 11:16 a.m.)

BIT-GITLAB-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...

CVSS 4.3 | AI score 4.4 | EPSS 0.00861 | Exploits 0 | References 3

Source: OSV (added 2024/03/06 11:16 a.m.)

BIT-GITLAB-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS 9.8 | AI score 9.3 | EPSS 0.76177 | Exploits 3 | References 4

Source: OSV (added 2024/03/06 11:16 a.m.)

BIT-GITLAB-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

CVSS 5.4 | AI score 5.4 | EPSS 0.00708 | Exploits 1 | References 4

Source: OSV (added 2024/03/06 11:15 a.m.)

BIT-GITLAB-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers...

CVSS 5.3 | AI score 5.1 | EPSS 0.00969 | Exploits 0 | References 4

Source: OSV (added 2024/03/06 11:14 a.m.)

BIT-GITLAB-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

CVSS 5.3 | AI score 5.1 | EPSS 0.00613 | Exploits 0 | References 3

Source: OSV (added 2024/03/06 11:14 a.m.)

BIT-GITLAB-2022-2592

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive loa...

CVSS 6.5 | AI score 6.3 | EPSS 0.01044 | Exploits 0 | References 4

Source: OSV (added 2024/03/06 11:14 a.m.)

BIT-GITLAB-2022-3283

A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. While cloning an issue, specially crafted content added to the description could have been used ...

CVSS 7.5 | AI score 7.1 | EPSS 0.01349 | Exploits 1 | References 4

Source: OSV (added 2024/03/06 11:13 a.m.)

BIT-GITLAB-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

CVSS 7.5 | AI score 5.4 | EPSS 0.01216 | Exploits 0 | References 4

Source: OSV (added 2024/03/06 11:09 a.m.)

BIT-GITLAB-2023-2022 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have...

CVSS 4.3 | AI score 4.4 | EPSS 0.0039 | Exploits 0 | References 3

Source: OSV (added 2024/03/06 10:56 a.m.)

BIT-GITLAB-2023-5356 Incorrect Authorization in GitLab

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user...

CVSS 8.8 | AI score 7.7 | EPSS 0.00829 | Exploits 0 | References 3

Source: Debian CVE (added 2024/02/21 11:30 p.m.)

CVE-2024-1525

Removed by vendor...

CVSS 5.3 | AI score 6 | EPSS 0.00453 | Exploits 0

Source: Prion (added 2024/01/26 1:15 a.m.)

Input validation

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests...

CVSS 4.9 | AI score 6.8 | EPSS 0.00683 | Exploits 0 | References 3 | Affected software 1

Source: Vulnrichment (added 2024/01/26 1:02 a.m.)

CVE-2023-5933 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests...

CVSS 6.4 | AI score 6.9 | EPSS 0.00683 | Exploits 0 | References 3

Source: OSV (added 2024/01/12 1:56 p.m.)

CVE-2023-7028 Weak Password Recovery Mechanism for Forgotten Password in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to a...

CVSS 10 | AI score 8.8 | EPSS 0.94955 | Exploits 16 | References 7

Source: Tenable Nessus (added 2024/01/03 12:00 a.m.)

GitLab 0.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39937)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential...

CVSS 8.8 | AI score 7.8 | EPSS 0.00752 | Exploits 0 | References 3

Source: Tenable Nessus (added 2024/01/03 12:00 a.m.)

GitLab 10.7 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39936)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an...

CVSS 4.3 | AI score 5.2 | EPSS 0.01025 | Exploits 0 | References 4

Source: Debian CVE (added 2023/12/15 4:03 p.m.)

CVE-2023-5512

Removed by vendor...

CVSS 5.7 | AI score 6.2 | EPSS 0.00494 | Exploits 0
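Every entry above states its affected range as a list of "from X before Y" (or, in the Nessus plugin titles, "X < Y") intervals, and the practical question for an operator is whether a given installed GitLab version falls inside any of them. The following Python is an added example, not code from this page, from GitLab, or from the OSV, Nessus or Vulners tooling it lists: it parses both notations into half-open intervals (lower bound inclusive, upper bound exclusive) and matches a version against them. The `ADVISORIES` table is transcribed from the entries on this page; the function names and the regular expression are my own. Two simplifications to be aware of: a range with no stated lower bound ("all versions before 15.2.5") is taken to start at 0.0.0, and a lower bound introduced with "after" (as in the CVE-2023-5933 entry) is treated as inclusive, which may be off by one patch release, so confirm against the vendor advisory before closing a ticket.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
Range = Tuple[Version, Version]  # (lower bound, inclusive; upper bound, exclusive)

# Affected-version text transcribed from the entries on this page (a constructed
# lookup table for this example; the identifiers are the page's own).
ADVISORIES: Dict[str, str] = {
    "BIT-GITLAB-2021-39936": (
        "all versions starting from 10.7 before 14.3.6, all versions starting "
        "from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2"
    ),
    "BIT-GITLAB-2022-1162": (
        "versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2"
    ),
    "CVE-2023-7028": (
        "all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, "
        "16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, "
        "16.6 prior to 16.6.4, and 16.7 prior to 16.7.2"
    ),
    # Nessus plugin-title form: "lower < upper" pairs separated by "/".
    "CVE-2021-39937 (Nessus)": "GitLab 0.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2",
}

# One interval per "<lower> before|prior to|< <upper>" fragment. The lower
# version is optional: "all versions before 15.2.5" has none. Because the
# lower group is optional, a stray repeated word ("before before") simply
# yields an interval with no lower bound instead of a parse failure.
RANGE_RE = re.compile(
    r"(?:(\d+(?:\.\d+)*)\s+)?(?:before|prior to|<)\s+(\d+(?:\.\d+)*)"
)


def parse_version(text: str) -> Version:
    """'14.4' -> (14, 4, 0): pad to three components so 14.4 means 14.4.0.
    Longer versions (e.g. 14.4.4.1) are kept as-is; tuple comparison then
    orders 14.4.4.1 after 14.4.4, which is what we want."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def parse_ranges(text: str) -> List[Range]:
    """Extract every affected interval from an advisory's version text."""
    ranges: List[Range] = []
    for lower, upper in RANGE_RE.findall(text):
        # No stated lower bound means "from the first release", i.e. 0.0.0.
        lo = parse_version(lower) if lower else (0, 0, 0)
        ranges.append((lo, parse_version(upper)))
    return ranges


def is_affected(version: str, ranges: List[Range]) -> bool:
    """True if the version lies in any [lower, upper) interval.
    A version at or above the highest fixed release of a branch is outside
    every interval and therefore reported as not affected by that entry."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in ranges)


def matching_advisories(version: str, advisories: Dict[str, str] = ADVISORIES) -> List[str]:
    """Identifiers of the listed entries whose ranges contain this version."""
    return [aid for aid, text in advisories.items()
            if is_affected(version, parse_ranges(text))]


if __name__ == "__main__":
    for v in ("14.3.5", "14.4.4", "14.7.0", "16.5.5", "16.7.2"):
        print(v, "->", matching_advisories(v) or "no listed entry")
```

Run against a version string taken from `/api/v4/version` or the admin page; a result of "no listed entry" means only that none of the transcribed ranges match, not that the instance is clean, since the listing above is a truncated page of a 629-match search.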