CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/10/11 11:30 a.m.•139 views

CVE-2024-9164

The CVE-2024-9164 entry affects GitLab Enterprise Edition. The issue allows running pipelines on arbitrary branches across all versions starting from 12.5 up to but not including 17.2.9, from 17.3 up to but not including 17.3.5, and from 17.4 up to but not including 17.4.2. The underlying problem...

9.6CVSS9.2AI score0.00911EPSS

Exploits0References2Affected Software1

Debian CVE•added 2024/10/11 11:30 a.m.•20 views

CVE-2024-9164

Removed by vendor...

9.6CVSS7.5AI score0.00911EPSS

OSV•added 2024/10/11 11:30 a.m.•10 views

CVE-2024-9164 Missing Authentication for Critical Function in GitLab

9.6CVSS9.3AI score0.00911EPSS

Exploits0References5

NVD•added 2024/10/10 10:15 a.m.•23 views

CVE-2024-8977

8.2CVSS0.00485EPSS

Debian CVE•added 2024/10/10 10:2 a.m.•13 views

CVE-2024-8977

Removed by vendor...

8.2CVSS6AI score0.00485EPSS

OSV•added 2024/10/10 10:2 a.m.•12 views

CVE-2024-9596 Inclusion of Sensitive Information in Source Code in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance...

3.7CVSS6.5AI score0.0033EPSS

OSV•added 2024/09/27 7:24 a.m.•143 views

BIT-GITLAB-2024-4278 Incorrect Synchronization in GitLab

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...

5.5CVSS4.1AI score0.00226EPSS

Exploits0References3

CVE•added 2024/09/26 11:2 p.m.•65 views

CVE-2024-4099

GitLab Enterprise Edition (EE) is affected by CVE-2024-4099 across all versions: 16.0–16.2.x? (as per description: 16.0 up to 17.2.7, 17.3 up to 17.3.3, and 17.4 up to 17.4.0). The underlying issue involves an AI feature that reads unsanitized content, which could allow an attacker to hide prompt...

5.3CVSS4.4AI score0.00271EPSS

Exploits0References2Affected Software1

Debian CVE•added 2024/09/26 11:2 p.m.•15 views

CVE-2024-4099

Removed by vendor...

5.3CVSS5.8AI score0.00271EPSS

OSV•added 2024/09/26 11:2 p.m.•13 views

CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection...

3.1CVSS6.4AI score0.00271EPSS

Exploits0References5

OSV•added 2024/09/26 6:30 a.m.•14 views

CVE-2024-4278 Incorrect Synchronization in GitLab

5.5CVSS6AI score0.00226EPSS

Exploits0References5

Debian CVE•added 2024/09/26 6:30 a.m.•12 views

CVE-2024-4278

Removed by vendor...

5.5CVSS5.8AI score0.00226EPSS

NVD•added 2024/09/16 10:15 p.m.•19 views

CVE-2024-4283

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

6.4CVSS0.00358EPSS

Cvelist•added 2024/09/16 9:34 p.m.•25 views

CVE-2024-4283 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

6.4CVSS0.00358EPSS

Debian CVE•added 2024/09/16 9:34 p.m.•11 views

CVE-2024-4283

Removed by vendor...

6.4CVSS5.8AI score0.00358EPSS

OSV•added 2024/09/14 7:17 a.m.•13 views

BIT-GITLAB-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

9.1CVSS6.8AI score0.00403EPSS

OSV•added 2024/09/14 7:13 a.m.•17 views

BIT-GITLAB-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

6.4CVSS6.2AI score0.00364EPSS

OSV•added 2024/09/14 7:12 a.m.•16 views

BIT-GITLAB-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

7.5CVSS6.7AI score0.00489EPSS