CVE-2023-1825
CVE-2023-1825 affects GitLab EE: issue notes could be disclosed to unauthorized users during project export. Affected release lines are 15.7–15.10.7, 15.11.0–15.11.6 and 16.0.0–16.0.1. The underlying issue is the exposure of issue notes when exporting a project, enabling...
CVE-2023-2589
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the...
CVE-2023-1825
Removed by vendor...
CVE-2023-2132
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service in DollarMathPostFilter was possible by sending crafted...
CVE-2023-1621
Removed by vendor...
GitLab CE/EE Path Traversal Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even...
CVE-2023-0805
CVE-2023-0805 affects GitLab EE: a malicious group member may retain access to the public projects of a public group after being banned. Affected versions are GitLab EE 15.2–15.9.5, 15.10–15.10.4, and 15.11–15.11.0. Root cause details are provided across connected sources;...
CVE-2023-0805
Removed by vendor...
CVE-2023-2182
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users...
CVE-2023-1965
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access toke...
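The advisory above describes a missing check on the SAML RelayState parameter, which an identity provider echoes back after login and which applications commonly use as a post-login redirect target. If that value is not validated, a crafted URL can steer the browser, and anything carried in the redirect, to a host the attacker controls. The following Ruby is an added example of the kind of validation an application should apply before trusting RelayState; it is not GitLab's code and does not claim to be the actual fix shipped for CVE-2023-1965. The helper names `safe_relay_state?` and `redirect_target` and the sample values are constructed for illustration.

```ruby
require 'uri'

# Hypothetical helper (added example, not GitLab code): decide whether a SAML
# RelayState value is safe to use as a post-login redirect target.
# Policy: only a path-relative URL on this instance is accepted. Anything that
# could send the browser to another host, or smuggle header bytes, is rejected
# and the caller falls back to a default landing page.
def safe_relay_state?(relay_state)
  return false if relay_state.nil? || relay_state.empty?
  return false if relay_state.length > 2048                 # defensive size cap
  return false if relay_state.match?(/[\x00-\x1f\x7f]/)     # CR/LF and other control bytes
  return false unless relay_state.start_with?('/')          # must be path-relative
  return false if relay_state.start_with?('//', '/\\')      # protocol-relative and backslash tricks

  uri = URI.parse(relay_state)
  # A path-relative reference must carry no scheme, authority or credentials.
  return false if uri.scheme || uri.host || uri.userinfo

  true
rescue URI::InvalidURIError
  false
end

# Resolve the redirect: the validated RelayState, or the default on rejection.
def redirect_target(relay_state, default: '/')
  safe_relay_state?(relay_state) ? relay_state : default
end

# Constructed sample RelayState values, as an attacker or a legitimate client
# might supply them in the SAML response.
SAMPLE_RELAY_STATES = [
  '/dashboard/projects?sort=name',              # legitimate, accepted
  'https://evil.example/steal',                 # absolute URL, rejected
  '//evil.example/steal',                       # protocol-relative, rejected
  '/\\evil.example',                            # backslash normalised by browsers, rejected
  "/projects\r\nLocation: https://evil.example", # CRLF injection, rejected
  'javascript:alert(1)'                         # scheme without leading slash, rejected
].freeze

# Returns a hash of sample value => chosen redirect target.
def evaluate_samples
  SAMPLE_RELAY_STATES.each_with_object({}) do |rs, out|
    out[rs] = redirect_target(rs)
  end
end

if __FILE__ == $PROGRAM_NAME
  evaluate_samples.each { |rs, target| puts "#{rs.inspect} -> #{target.inspect}" }
end
```

The allowlist is deliberately strict: rather than trying to enumerate dangerous forms, it accepts only a bare path on the current origin and treats every parse failure as a rejection. A deployment that needs to honour RelayState values pointing at other trusted hosts should compare the parsed host against an explicit allowlist instead of relaxing these checks.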
PT-2023-16536 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions:
GitLab EE versions 15.2 through 15.9.5
GitLab EE versions 15.10 through 15.10.4
GitLab EE versions 15.11 through 15.11.0
Description: An issue has been discovered in GitLab EE where a malicious group member may continue to have access to the...
CVE-2023-2182
The CVE-2023-2182 issue affects GitLab EE, specifically versions 15.10 up to 15.10.4 and 15.11 up to 15.11.0. Under certain conditions with OpenID Connect enabled, users marked as 'external' may be promoted to 'regular' users, enabling privilege escalation. The vulnerability is described across m...
CVE-2023-0805
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even...
CVE-2023-1965
Removed by vendor...
CVE-2023-1167
Improper authorization in GitLab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows unauthorized access to security reports in MR...
Authorization
Improper authorization in GitLab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows unauthorized access to security reports in MR...
CVE-2023-1167
CVE-2023-1167: Improper authorization in GitLab EE/CE allows unauthorized access to security reports in Merge Requests. Affected versions include GitLab EE/CE 12.3.0 up to before 15.8.5, 15.9 up to before 15.9.4, and 15.10 up to before 15.10.1. The issue is documented across multiple sources (N...