21289 matches found
CVE-2026-1516 Improper Control of Generation of Code ('Code Injection') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...
CVE-2026-1516 Improper Control of Generation of Code ('Code Injection') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...
CVE-2026-1516
CVE-2026-1516 affects GitLab Enterprise Edition (EE) with a vulnerability in Code Quality reports that could allow an authenticated user to leak IP addresses of users viewing the report through specially crafted content. Affected versions include all 18.0.0 up to, but not including, 18.8.9; all 1...
CVE-2026-1752 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...
CVE-2026-1752
Removed by vendor...
CVE-2026-1752 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...
CVE-2026-1752
GitLab EE: An authenticated user with developer-role permissions could modify protected environment settings due to improper authorization checks in the API. Affected versions: 11.3–18.8.8 (before 18.8.9), 18.9 (before 18.9.5), and 18.10 (before 18.10.3). CVSS v3.1 base score 4.3 (Medium). Remedi...
CVE-2026-2104
GitLab CE/EE is affected in all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3. An authenticated user could access confidential issues assigned to other users via CSV export due to insufficient authorization checks. The CVSSv3.1 base score is 4.3 (Medium) with atta...
CVE-2026-2104
Removed by vendor...
CVE-2026-2104 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...
CVE-2026-2104 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...
CVE-2026-2619 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...
CVE-2026-2619 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...
CVE-2026-2619
Removed by vendor...
CVE-2026-2619
GitLab Enterprise Edition (GitLab EE) versions affected: 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3. Affected component: vulnerability flag data in private projects. Root cause: incorrect authorization that could allow an authenticated user with auditor privileges to modify ...
CVE-2026-4332
GitLab Enterprise Edition is affected by CVE-2026-4332 in customizable analytics dashboards where an authenticated user could inject and execute arbitrary JavaScript in other users’ browsers due to improper input sanitization. Affected ranges are GitLab EE versions: 18.2 up to but not including 1...
CVE-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
CVE-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
CVE-2026-4332
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
CVE-2026-4332
Removed by vendor...