961 matches found

NVD
added 2025/06/12 2:15 p.m. · 5 views

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.9 · EPSS 0.00041
Exploits 0 · References 2

Cvelist
added 2025/06/12 2:2 p.m. · 7 views

CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.3 · EPSS 0.00041
Exploits 0 · References 2

Debian CVE
added 2025/06/12 2:2 p.m. · 5 views

CVE-2024-9512

Removed by vendor...

CVSS 5.9 · AI score 5.8 · EPSS 0.00041
Exploits 0

Positive Technologies
added 2025/06/11 12:0 a.m. · 1 views

PT-2025-25292 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 through 17.10.8; GitLab CE/EE versions 17.11 through 17.11.4; GitLab CE/EE versions 18.0 through 18.0.2. Description: An issue has been discovered in GitLab CE/EE that allows an attacker to trigger an infinite redirect...

CVSS 7.8 · AI score 8.9 · EPSS 0.00048
Exploits 1 · References 20

Positive Technologies
added 2025/06/11 12:0 a.m. · 1 views

PT-2025-25291 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.10.6; GitLab CE/EE versions 17.11 through 17.11.2; GitLab CE/EE versions 18.0 through 18.0.0. Description: An issue has been discovered in GitLab CE/EE, allowing authenticated users to access arbitrary...

CVSS 4.3 · AI score 5.9 · EPSS 0.00031
Exploits 1 · References 14

Positive Technologies
added 2025/06/11 12:0 a.m. · 1 views

PT-2025-25286 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 17.10.7; GitLab CE/EE versions 17.11 through 17.11.3; GitLab CE/EE versions 18.0 through 18.0.1. Description: An issue has been discovered in GitLab CE/EE, where a lack of input validation in Board Names could ...

CVSS 7.5 · AI score 6 · EPSS 0.00486
Exploits 0 · References 16

Positive Technologies
added 2025/06/11 12:0 a.m. · 1 views

PT-2025-25289

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.0 through 18.0.2. Description: An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account...

CVSS 8.7 · AI score 7 · EPSS 0.00387
Exploits 0 · References 26

Positive Technologies
added 2025/06/11 12:0 a.m. · 1 views

PT-2025-25288 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.10.7; GitLab CE/EE versions 17.11 through 17.11.3; GitLab CE/EE versions 18.0 through 18.0.1. Description: The issue is related to improper output encoding in the snippet viewer functionality, leading to...

CVSS 8.7 · AI score 8.7 · EPSS 0.00281
Exploits 0 · References 22

Positive Technologies
added 2025/06/11 12:0 a.m. · 2 views

PT-2025-25313 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 17.10.8; GitLab EE versions 17.11 prior to 17.11.4; GitLab EE versions 18.0 prior to 18.0.2. Description: An issue has been discovered in GitLab EE that may have allowed private repositories to be cloned due to a race...

CVSS 5.3 · AI score 5.9 · EPSS 0.00041
Exploits 0 · References 7

CVE
added 2025/05/30 11:2 a.m. · 72 views

CVE-2025-1763

CVE-2025-1763 affects GitLab Enterprise Edition: cross-site scripting and content security policy bypass in a user’s browser due to improper neutralization of input during web page generation. Impacted ranges: 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Root cause describe...

CVSS 8.7 · AI score 6.8 · EPSS 0.00042
Exploits 1 · References 2 · Affected Software 1

NVD
added 2025/05/23 1:15 p.m. · 5 views

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

CVSS 7.5 · EPSS 0.00053
Exploits 0 · References 2

Debian CVE
added 2025/05/23 12:31 p.m. · 7 views

CVE-2024-9163

Removed by vendor...

CVSS 7.5 · AI score 5.8 · EPSS 0.00053
Exploits 0

RedhatCVE
added 2025/05/23 10:36 a.m. · 6 views

CVE-2024-4278

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...

CVSS 5.5 · AI score 6.2 · EPSS 0.00041
Exploits 0

RedhatCVE
added 2025/05/23 10:34 a.m. · 4 views

CVE-2024-4283

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

CVSS 6.4 · AI score 6.5 · EPSS 0.00035
Exploits 0

RedhatCVE
added 2025/05/23 10:31 a.m. · 4 views

CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...

CVSS 6.4 · AI score 7.2 · EPSS 0.001
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:31 a.m. · 7 views

CVE-2024-3127

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 · AI score 6.5 · EPSS 0.00023
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 9:41 a.m. · 8 views

CVE-2024-1066

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL vulnerabilitiesCountByDay...

CVSS 6.5 · AI score 6.4 · EPSS 0.00143
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:39 a.m. · 10 views

CVE-2024-1250

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation...

CVSS 6.5 · AI score 6.4 · EPSS 0.0002
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:34 a.m. · 5 views

CVE-2024-0861

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions...

CVSS 4.3 · AI score 6.4 · EPSS 0.00022
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:37 a.m. · 6 views

CVE-2024-4612

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

CVSS 6.4 · AI score 6.5 · EPSS 0.00026
Exploits 0 · References 1