Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 2025/07/12 9:25 a.m.13 views

CVE-2025-4972

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...

2.7CVSS5.9AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.3 views

PT-2025-29071 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.3 through 17.11.5 GitLab EE versions 18.0 through 18.0.3 GitLab EE versions 18.1 through 18.1.1 Description: An issue exists in GitLab EE that allows authenticated project owners to bypass group-level forking restriction...

4.3CVSS5.8AI score0.00295EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/28 6:19 a.m.13 views

CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

4.3CVSS5.7AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2025/06/26 5:31 a.m.10 views

CVE-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

2.7CVSS6.3AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2025/06/20 5:12 p.m.2 views

CVE-2025-2443 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

8.7CVSS6.4AI score0.00322EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/06/20 1:58 p.m.4 views

CVE-2024-7586

Removed by vendor...

7.5CVSS5.8AI score0.00263EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/06/12 4:27 p.m.13 views

CVE-2025-5982

Removed by vendor...

7.5CVSS5.8AI score0.0026EPSS
Exploits0
NVD
NVD
added 2025/06/12 2:15 p.m.8 views

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

5.9CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/12 2:2 p.m.10 views

CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

5.3CVSS0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.4 views

PT-2025-25313 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 17.10.8 GitLab EE versions 17.11 prior to 17.11.4 GitLab EE versions 18.0 prior to 18.0.2 Description: An issue has been discovered in GitLab EE that may have allowed private repositories to be cloned due to a race...

5.3CVSS5.9AI score0.00217EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.6 views

CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

6.4CVSS7.2AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.11 views

CVE-2024-1250

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with managegroupaccesstokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation...

6.5CVSS6.4AI score0.00549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.7 views

CVE-2024-0861

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions...

4.3CVSS6.4AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.8 views

CVE-2024-4612

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

6.4CVSS6.5AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:44 p.m.5 views

CVE-2021-39930

Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates...

4.3CVSS6.4AI score0.00806EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.4 views

PT-2025-17732 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.9.6 GitLab EE versions 17.10 through 17.10.4 GitLab EE versions 17.11 through 17.11.0 Description: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security...

8.7CVSS9.1AI score0.0054EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2025/04/12 1:40 p.m.21 views

CVE-2024-11129

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."...

7.5CVSS6.4AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/15 8:56 a.m.9 views

CVE-2024-7296

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

2.7CVSS6.2AI score0.00339EPSS
Exploits1References1
OSV
OSV
added 2025/03/15 7:19 a.m.119 views

BIT-GITLAB-2024-7296 Incorrect Authorization in GitLab

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

2.7CVSS3.4AI score0.00339EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/15 6:1 a.m.12 views

CVE-2025-1257

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

7.5CVSS6.4AI score0.0043EPSS
Exploits0References1
Rows per page
Query Builder