63 matches found
CVE-2025-4972
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...
PT-2025-29071 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.3 through 17.11.5 GitLab EE versions 18.0 through 18.0.3 GitLab EE versions 18.1 through 18.1.1 Description: An issue exists in GitLab EE that allows authenticated project owners to bypass group-level forking restriction...
CVE-2025-5846
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
CVE-2025-5846 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
CVE-2025-2443 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2024-7586
Removed by vendor...
CVE-2025-5982
Removed by vendor...
CVE-2024-9512
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...
CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...
PT-2025-25313 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 17.10.8 GitLab EE versions 17.11 prior to 17.11.4 GitLab EE versions 18.0 prior to 18.0.2 Description: An issue has been discovered in GitLab EE that may have allowed private repositories to be cloned due to a race...
CVE-2024-7110
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
CVE-2024-1250
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with managegroupaccesstokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation...
CVE-2024-0861
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions...
CVE-2024-4612
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...
CVE-2021-39930
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates...
PT-2025-17732 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.9.6 GitLab EE versions 17.10 through 17.10.4 GitLab EE versions 17.11 through 17.11.0 Description: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security...
CVE-2024-11129
An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."...
CVE-2024-7296
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...
BIT-GITLAB-2024-7296 Incorrect Authorization in GitLab
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...
CVE-2025-1257
An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...