961 matches found

CVE
added 2024/09/12 4:57 p.m., 70 views

CVE-2024-4660

CVE-2024-4660 concerns GitLab Enterprise Edition (EE). Affected: all versions from 11.2 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Description: a guest user could read the source code of a private project by exploiting group templates. Impact: confidentiality loss of private project source code. The...

CVSS 7.5 | AI score 6.7 | EPSS 0.00061
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/09/12 4:56 p.m., 11 views

CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...

CVSS 8.5 | AI score 6.7 | EPSS 0.00276
Exploits 0 | References 6
Debian CVE
added 2024/09/12 4:56 p.m., 13 views

CVE-2024-8640

Removed by vendor...

CVSS 8.8 | AI score 5.8 | EPSS 0.00276
Exploits 0
CVE
added 2024/09/12 4:56 p.m., 75 views

CVE-2024-8640

CVE-2024-8640 affects GitLab Enterprise Edition (GitLab EE) in all versions from 16.11 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Root cause is incomplete input filtering that enables command injection into a connected Cube server. Impact is high: confidentiality...

CVSS 8.8 | AI score 8.5 | EPSS 0.00276
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/08/26 8:32 a.m., 22 views

BIT-GITLAB-2024-3127 Improper Access Control in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 | AI score 4.4 | EPSS 0.00023
Exploits 1 | References 3
NVD
added 2024/08/22 4:15 p.m., 18 views

CVE-2024-3127

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...

CVSS 4.3 | EPSS 0.00023
Exploits 1 | References 2
UbuntuCve
added 2024/08/22 4:15 p.m., 12 views

CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions from 17.0 before 17.1.6, 17.2 before 17.2.4, and 17.3 before 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection...

CVSS 6.4 | AI score 6.1 | EPSS 0.001
Exploits 0 | References 2
Debian CVE
added 2024/08/22 3:31 p.m., 14 views

CVE-2024-3127

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00023
Exploits 1
Debian CVE
added 2024/08/22 3:30 p.m., 16 views

CVE-2024-7110

Removed by vendor...

CVSS 6.4 | AI score 5.8 | EPSS 0.001
Exploits 0
Positive Technologies
added 2024/08/22 12:00 a.m., 2 views

PT-2024-38082 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.1.6; GitLab EE version 17.2 prior to 17.2.4; GitLab EE version 17.3 prior to 17.3.1. Description: An issue in GitLab EE allows an attacker to execute arbitrary commands in a victim's pipeline through prompt...

CVSS 6.4 | AI score 7.5 | EPSS 0.001
Exploits 0 | References 11
OSV
added 2024/08/10 7:28 a.m., 17 views

BIT-GITLAB-2024-2800 Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 7.5 | AI score 6.5 | EPSS 0.00065
Exploits 0 | References 3
OSV
added 2024/08/10 7:27 a.m., 13 views

BIT-GITLAB-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed LFS tokens to read and write to user-owned repositories...

CVSS 8.1 | AI score 6.8 | EPSS 0.00044
Exploits 0 | References 3
UbuntuCve
added 2024/08/08 11:15 a.m., 13 views

CVE-2024-2800

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 7.5 | AI score 5.9 | EPSS 0.00065
Exploits 0 | References 3
OSV
added 2024/08/08 10:31 a.m., 13 views

CVE-2024-2800 Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 6.5 | AI score 6.2 | EPSS 0.00065
Exploits 0 | References 5
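The three CVE-2024-2800 / BIT-GITLAB-2024-2800 entries above describe wildcard branch-name matching backed by a backtracking regex. The block below is an added example, not GitLab's RefMatcher code and not taken from any of the listed advisories: it shows the usual way a wildcard pattern such as "release/*" is translated into an anchored regex, an input shape that forces a backtracking engine to do polynomial work before failing, and a single-pass wildcard matcher that does the same job without a regex engine. All function names (wildcard_regex, regex_match?, pathological_input, wildcard_match?, same_verdict?) are this example's own assumptions.

```ruby
# Added example, not GitLab code. Demonstrates why translating "*" into ".*"
# hands a denial-of-service lever to whoever controls the pattern or the
# branch name, and one linear-time alternative.

# Naive translation: escape the pattern, turn each "*" into ".*", anchor it.
# Regexp.escape turns "*" into "\*", which is then swapped for ".*".
def wildcard_regex(pattern)
  /\A#{Regexp.escape(pattern).gsub('\*', '.*')}\z/
end

def regex_match?(pattern, name)
  wildcard_regex(pattern).match?(name)
end

# Input shape that hurts a classic backtracking engine: k wildcards, each
# followed by a literal "a", against a run of "a"s ending in "b". Every
# prefix matches, only the final anchor fails, so the engine tries every way
# of splitting the name between the ".*" groups (work grows like n^k).
# Intended for timing by hand; not executed in this file. Ruby 3.2 and later
# memoize many such regexes, so measure on the engine you actually run.
def pathological_input(wildcards, name_length)
  ['*a' * wildcards, 'a' * name_length + 'b']
end

# Wildcard matcher with no regex engine: one pass over the name, keeping a
# single backtrack point (the last "*" seen). Worst case is
# O(pattern.length * name.length), never exponential in the wildcard count.
def wildcard_match?(pattern, name)
  p = n = 0
  star = nil    # pattern index of the most recent "*"
  star_n = nil  # name index where that "*" currently stops absorbing
  while n < name.length
    if p < pattern.length && pattern[p] == '*'
      star, star_n = p, n
      p += 1
    elsif p < pattern.length && pattern[p] == name[n]
      p += 1
      n += 1
    elsif star
      # Mismatch after a "*": let the "*" absorb one more character, retry.
      p = star + 1
      star_n += 1
      n = star_n
    else
      return false
    end
  end
  # Trailing wildcards may match the empty string.
  p += 1 while p < pattern.length && pattern[p] == '*'
  p == pattern.length
end

# Cross-check on inputs small enough for the regex version to be instant.
def same_verdict?(pattern, name)
  regex_match?(pattern, name) == wildcard_match?(pattern, name)
end
```

The practical point: the regex is only safe while both the pattern and the name are trusted and short. Protected-branch patterns are set by maintainers, but branch names are chosen by anyone who can push, so the matcher runs on attacker-influenced input on every ref check. A matcher whose cost is bounded by pattern length times name length removes the lever; capping pattern length and the number of wildcards is a cheaper stopgap if the regex must stay.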
Debian CVE
added 2024/07/25 12:30 a.m., 13 views

CVE-2024-7057

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits 0
Debian CVE
added 2024/07/24 10:08 p.m., 15 views

CVE-2024-5067

Removed by vendor...

CVSS 4.9 | AI score 5.8 | EPSS 0.00116
Exploits 1
CVE
added 2024/07/24 10:08 p.m., 168 views

CVE-2024-5067

CVE-2024-5067 describes an exposure in GitLab Enterprise Edition where certain project-level analytics settings could be leaked in the DOM to group members with Developer or higher roles. Affected versions include 16.11 up to 17.0.5, 17.1 up to 17.1.3, and 17.2 up to 17.2.1. The vulnerability is ...

CVSS 4.9 | AI score 4.5 | EPSS 0.00116
Exploits 1 | References 4 | Affected Software 1
OSV
added 2024/06/28 7:22 a.m., 144 views

BIT-GITLAB-2024-3115 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat...

CVSS 4.3 | AI score 4.5 | EPSS 0.0018
Exploits 0 | References 3
NVD
added 2024/06/27 12:15 a.m., 23 views

CVE-2024-3115

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat...

CVSS 4.3 | EPSS 0.0018
Exploits 0 | References 2
UbuntuCve
added 2024/06/27 12:15 a.m., 19 views

CVE-2024-3115

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat...

CVSS 4.3 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 3