961 matches found

Source: OSV (added 2024/09/14 7:05 a.m., 17 views)

BIT-GITLAB-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...

CVSS 8.8 | AI score 8.5 | EPSS 0.00301
Exploits: 0 | References: 4

Source: NVD (added 2024/09/12 7:15 p.m., 15 views)

CVE-2024-8311

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template...

CVSS 6.5 | EPSS 0.00044
Exploits: 0 | References: 2

Source: Debian CVE (added 2024/09/12 6:27 p.m., 16 views)

CVE-2024-8311

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00044
Exploits: 0

Source: NVD (added 2024/09/12 5:15 p.m., 14 views)

CVE-2024-8635

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

CVSS 7.7 | EPSS 0.0007
Exploits: 0 | References: 2

Source: NVD (added 2024/09/12 5:15 p.m., 12 views)

CVE-2024-8754

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...

CVSS 8.1 | EPSS 0.00026
Exploits: 0 | References: 1

Source: NVD (added 2024/09/12 5:15 p.m., 17 views)

CVE-2024-8640

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...

CVSS 8.8 | EPSS 0.00301
Exploits: 0 | References: 3

Source: NVD (added 2024/09/12 5:15 p.m., 11 views)

CVE-2024-2743

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVSS 9.1 | EPSS 0.00039
Exploits: 0 | References: 3

Source: NVD (added 2024/09/12 5:15 p.m., 19 views)

CVE-2024-4612

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...

CVSS 6.4 | EPSS 0.00026
Exploits: 0 | References: 3

Source: CVE (added 2024/09/12 5:11 p.m., 57 views)

CVE-2024-8631

CVE-2024-8631 describes a privilege escalation in GitLab EE where a user with the Admin Group Member custom role could elevate privileges to other custom roles. Affected: GitLab EE versions starting from 16.6 up to before 17.1.7; 17.2 up to before 17.2.5; 17.3 up to before 17.3.2. Remediation per...

CVSS 7.2 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 3 | Affected Software: 1

Source: Debian CVE (added 2024/09/12 5:11 p.m., 9 views)

CVE-2024-8631

Removed by vendor...

CVSS 7.2 | AI score 5.8 | EPSS 0.00024
Exploits: 0

Source: Debian CVE (added 2024/09/12 5:01 p.m., 13 views)

CVE-2024-8635

Removed by vendor...

CVSS 7.7 | AI score 5.8 | EPSS 0.0007
Exploits: 0

Source: OSV (added 2024/09/12 5:01 p.m., 15 views)

CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

CVSS 7.7 | AI score 6.4 | EPSS 0.0007
Exploits: 0 | References: 5

Source: CVE (added 2024/09/12 5:01 p.m., 72 views)

CVE-2024-8635

CVE-2024-8635 is a server-side request forgery (SSRF) in GitLab Enterprise Edition (EE). Affected: GitLab EE versions starting 16.8 up to but not including 17.1.7, 17.2 up to but not including 17.2.5, and 17.3 up to but not including 17.3.2. Root cause: abuse of a custom Maven Dependency Proxy UR...

CVSS 7.7 | AI score 6.7 | EPSS 0.0007
Exploits: 0 | References: 2 | Affected Software: 1

Source: OSV (added 2024/09/12 4:57 p.m., 12 views)

CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVSS 5.3 | AI score 6.5 | EPSS 0.00039
Exploits: 0 | References: 6

Source: Debian CVE (added 2024/09/12 4:57 p.m., 17 views)

CVE-2024-2743

Removed by vendor...

CVSS 9.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0

Source: CVE (added 2024/09/12 4:57 p.m., 77 views)

CVE-2024-2743

CVE-2024-2743 affects GitLab-EE: vulnerable in versions 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Root cause described as incorrect authorization that allows an attacker to modify an on-demand DAST scan without permissions and leak variables. Impact is the ability to alter s...

CVSS 9.1 | AI score 6.9 | EPSS 0.00039
Exploits: 0 | References: 3 | Affected Software: 1

Source: Cvelist (added 2024/09/12 4:57 p.m., 23 views)

CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVSS 5.3 | EPSS 0.00039
Exploits: 0 | References: 2

Source: Vulnrichment (added 2024/09/12 4:57 p.m., 22 views)

CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVSS 5.3 | AI score 6.8 | EPSS 0.00039
Exploits: 0 | References: 2

Source: OSV (added 2024/09/12 4:57 p.m., 17 views)

CVE-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

CVSS 6.5 | AI score 6.5 | EPSS 0.00061
Exploits: 0 | References: 6

Source: Debian CVE (added 2024/09/12 4:57 p.m., 15 views)

CVE-2024-4660

Removed by vendor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0

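Every advisory in this listing phrases its affected set the same way: one or more half-open version ranges ("starting from X prior to Y"), with a separate fixed release for each of the 17.1, 17.2 and 17.3 branches. As an added example (not code from this listing, from any of the sources above, or from GitLab itself), the Python below encodes those ranges and scores exactly as they appear on this page and answers the two questions a practitioner actually has: which of these advisories apply to my instance's version, and what is the smallest upgrade on my branch that clears all of them. The CVSS values are NVD's where this page lists one; OSV and Cvelist score CVE-2024-2743 at 5.3 and Debian scores CVE-2024-4660 at 7.5, so the ordering is a triage hint, not ground truth. The sample versions are constructed.

```python
"""Check a GitLab version against the affected ranges of the advisories listed above.

Added example; not code from this listing or from GitLab. Ranges, CVSS and EPSS
are copied from the page entries; the sample versions are constructed.
"""
from __future__ import annotations

import re

# (first affected, first fixed) per advisory text above; each range is half-open:
#   first_affected <= version < first_fixed
# CVSS is NVD's value where the page lists one. Other sources on the page disagree
# for some entries (CVE-2024-2743: 5.3 at OSV/Cvelist; CVE-2024-4660: 7.5 at Debian).
ADVISORIES: dict[str, dict] = {
    "CVE-2024-8640": {"cvss": 8.8, "epss": 0.00301,
                      "ranges": [("16.11", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-8311": {"cvss": 6.5, "epss": 0.00044,
                      "ranges": [("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-8635": {"cvss": 7.7, "epss": 0.0007,
                      "ranges": [("16.8", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-8754": {"cvss": 8.1, "epss": 0.00026,
                      "ranges": [("16.9.7", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-2743": {"cvss": 9.1, "epss": 0.00039,
                      "ranges": [("13.3", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-4612": {"cvss": 6.4, "epss": 0.00026,
                      "ranges": [("12.9", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-8631": {"cvss": 7.2, "epss": 0.00024,
                      "ranges": [("16.6", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
    "CVE-2024-4660": {"cvss": 6.5, "epss": 0.00061,
                      "ranges": [("11.2", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]},
}

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '17.2.4-ee' or '16.11' into a comparable (major, minor, patch) tuple.

    Edition suffixes such as '-ee' are ignored. A missing minor or patch counts
    as 0, so '16.11' means 16.11.0, the first release of that branch, which is
    how the advisories use 'starting from'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version: str, ranges: list[tuple[str, str]]) -> bool:
    """True if version lies inside any half-open [first_affected, first_fixed) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def affected_advisories(version: str) -> list[tuple[str, float, float]]:
    """(cve, cvss, epss) for every listed advisory that applies, highest CVSS first,
    EPSS breaking ties."""
    hits = [(cve, adv["cvss"], adv["epss"])
            for cve, adv in ADVISORIES.items() if is_affected(version, adv["ranges"])]
    return sorted(hits, key=lambda h: (h[1], h[2]), reverse=True)


def recommended_fix(version: str) -> str | None:
    """Lowest release on the instance's own branch at which every applicable
    listed advisory is fixed (the newest 'first fixed' among matching ranges),
    or None when nothing on this page applies."""
    v = parse_version(version)
    fixes = [parse_version(hi) for adv in ADVISORIES.values()
             for lo, hi in adv["ranges"] if parse_version(lo) <= v < parse_version(hi)]
    return ".".join(map(str, max(fixes))) if fixes else None


if __name__ == "__main__":
    # On a real instance the version comes from GET /api/v4/version (token required);
    # these inputs are constructed for the example.
    for sample in ("17.2.4-ee", "17.1.7-ee", "16.10.0", "17.4.0"):
        hits = affected_advisories(sample)
        print(f"{sample}: {len(hits)} advisories apply, upgrade target {recommended_fix(sample)}")
        for cve, cvss, epss in hits:
            print(f"  {cve}  CVSS {cvss}  EPSS {epss}")
```

Note that 16.10.0 is not affected by CVE-2024-8640 (its range starts at 16.11) yet is affected by six of the others, and that the fix target is the branch's own patch release (17.2.4 needs only 17.2.5), which is why the check is per range rather than a single "below 17.3.2" comparison.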