961 matches found
CVE-2023-3904
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards...
Input validation
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...
CVE-2023-6680
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...
CVE-2023-3904
Removed by vendor...
CVE-2023-3904 Improper Validation of Specified Type of Input in GitLab
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards...
CVE-2023-6680
CVE-2023-6680 affects GitLab Enterprise Edition (EE) Smartcard authentication. The issue is an improper certificate validation in the Smartcard authentication flow that, if enabled by an administrator (it is an experimental feature), allows an attacker to authenticate as another user using a publ...
CVE-2023-6680
Removed by vendor...
CVE-2023-6680 Improper Certificate Validation in GitLab
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...
CVE-2023-6680 Improper Certificate Validation in GitLab
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...
CVE-2023-3511
CVE-2023-3511 : GitLab EE contains a logic/authorization flaw affecting all versions from 8.17 up to 16.4.3, 16.5.0 up to 16.5.3, and 16.6.0 up to 16.6.1. The issue allows auditor users to fork and submit merge requests to private projects they are not a member of. Exploitation details are not pr...
CVE-2023-3511 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...
CVE-2023-3511
Removed by vendor...
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
Code injection
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
CVE-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
CVE-2023-5332
CVE-2023-5332 concerns a vulnerability in the third‑party library Consul used by GitLab‑EE. The patch patching this issue requires enable-script-checks to be set to False; if not, the patch could be bypassed. The issue affects GitLab‑EE via Consul script-check configuration. Exploitation details ...
CVE-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...