123 matches found
CVE-2025-0516 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2025-1212 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ee-fips, gitlab-pages, gitlab-ee-fips, gitlab-pages-fips, gitlab-runner-fips, gitlab-cng, gitlab-rails-ee, gitlab-cng-fips, gitlab-ee...
CVE-2025-1212 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2025-1042 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2025-1042 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ee-fips, gitlab-pages, gitlab-ee-fips, gitlab-pages-fips, gitlab-runner-fips, gitlab-cng, gitlab-rails-ee, gitlab-cng-fips, gitlab-ee...
CVE-2025-0376 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2025-0376 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ee-fips, gitlab-pages, gitlab-ee-fips, gitlab-pages-fips, gitlab-runner-fips, gitlab-cng, gitlab-rails-ee, gitlab-cng-fips, gitlab-ee...
CVE-2024-12379 vulnerabilities
Vulnerabilities for packages: gitlab-pages, gitlab-cng...
CVE-2024-12379 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ee-fips, gitlab-pages, gitlab-ee-fips, gitlab-pages-fips, gitlab-runner-fips, gitlab-cng, gitlab-rails-ee, gitlab-cng-fips, gitlab-ee...
CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
BIT-GITLAB-2024-5528 Incomplete Comparison with Missing Factors in GitLab
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
UBUNTU-CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
CVE-2024-5528
CVE-2024-5528 affects GitLab CE/EE: subdomain takeover in GitLab Pages. Affected versions are: all prior to 16.11.6; 17.0 prior to 17.0.4; and 17.1 prior to 17.1.2. The issue is fixed by upgrading to 16.11.6 or newer, 17.0.4 or newer, and 17.1.2 or newer, respectively (GitLab patch releases exist...
PT-2024-36503 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 16.11.6 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: An issue was discovered in GitLab CE/EE which allows a subdomain takeover in GitLab Pages. Recommendations...
RATELIMITED: Subdomain takeover in GitLab Pages [george.ratelimited.me]
A subdomain takeover vulnerability was discovered in GitLab Pages. Subdomains could be taken over without verification of domain ownership. The vulnerability allowed an attacker to gain control of the subdomain...
GitLab: Subdomain takeover in Gitlab pages
The vulnerability allowed an attacker to take over a dangling custom domain pointing to GitLab Pages using "instanceX.gitlab.io". The problem arose when adding a custom domain to GitLab Pages without verifying the domain, as it would still serve content for 7 days before being disabled...
GitLab 11.5.0 < 13.5.6 / 13.6.0 < 13.6.4 / 13.7.0 < 13.7.2 (CVE-2021-22171)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link CVE-2021-22171 Note...
BIT-GITLAB-2021-22171
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...
BIT-GITLAB-2022-1148
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-ec2, nerdctl, weaviate, src, aws-load-balancer-controller, nri-kubernetes, rook, aws-flb-kinesis, runc, trust-manager, kubescape, kubernetes-dashboard-metrics-scraper, scorecard, crossplane, nri-discovery-kubernetes,...