Lucene search
K

54 matches found

OSV
OSV
added 2025/07/24 6:5 a.m.5 views

CVE-2025-4976 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

4.3CVSS6.5AI score0.00392EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.6 views

PT-2025-30634 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 18.0.4 GitLab EE versions 18.1 through 18.1.2 GitLab EE versions 18.2 through 18.2.0 Description: An issue exists in GitLab EE that, under certain circumstances, could allow an attacker to access internal notes...

5.3CVSS5.9AI score0.00392EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.9 views

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS4.8AI score0.00435EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.4 views

CVE-2023-1710

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...

5.3CVSS6.2AI score0.00786EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:59 p.m.6 views

CVE-2022-3819

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to...

4.3CVSS6.3AI score0.00426EPSS
Exploits0
OSV
OSV
added 2024/12/18 7:10 a.m.480 views

BIT-GITLAB-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS5.1AI score0.00435EPSS
Exploits1References3
NVD
NVD
added 2024/12/16 5:15 a.m.31 views

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS0.00435EPSS
Exploits1References2
OSV
OSV
added 2024/12/16 5:15 a.m.4 views

UBUNTU-CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS5.8AI score0.00435EPSS
Exploits1References4
CVE
CVE
added 2024/12/16 4:30 a.m.782 views

CVE-2024-8650

CVE-2024-8650 affects GitLab CE/EE. Versions: 15.0 up to but not including 17.4.6; 17.5 up to but not including 17.5.4; 17.6 up to but not including 17.6.2. The issue allows non-member users to view unresolved threads marked as internal notes in public project merge requests. Root cause or code-l...

5.3CVSS5AI score0.00435EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/12/16 4:30 a.m.4 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS6.3AI score0.00435EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/12/16 4:30 a.m.42 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS0.00435EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/12/16 4:30 a.m.13 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3CVSS6.4AI score0.00435EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/12/16 12:0 a.m.12 views

GitLab 15.0 < 17.4.6 / 17.5 < 17.5.4 / 17.6 < 17.6.2 (CVE-2024-8650)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked...

5.3CVSS5.5AI score0.00435EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2024/12/11 12:0 a.m.29 views

Gitlab -- Vulnerabilities

Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CIJOBTOKEN could be used to obtain GitLab session Open redirect in releases API...

8.7CVSS6.4AI score0.00765EPSS
Exploits8References1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.3 views

PT-2024-10173 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 Description: The issue is related to insufficient authorization procedures in the Public Project Handler component o...

5.3CVSS6.7AI score0.00435EPSS
Exploits1References15
OSV
OSV
added 2024/03/06 11:13 a.m.18 views

BIT-GITLAB-2022-3819

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to...

4.3CVSS4.4AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:10 a.m.24 views

BIT-GITLAB-2023-1710

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...

5.3CVSS4.9AI score0.00786EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/23 12:21 p.m.18 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate user input, allowing an attacker to view the count of internal notes for a given issue...

5.3CVSS8.8AI score0.00786EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/07/23 12:41 a.m.20 views

Improper Authorization

gitlab is vulnerable to Improper Authorization. The vulnerability allows a malicious attacker to apply emojis on internal notes which they don't have access to, resulting in a breach...

4.3CVSS6.7AI score0.00426EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2023/06/29 8:14 p.m.14 views

Tennessee Valley Authority: Admin.MyTVA.com Customer lookup and internal notes bypass

The admin.mytva.com site had a vulnerability that allowed an attacker to bypass the login and access admin-only endpoints. This could lead to unauthorized access to customer information and the ability to add internal notes...

6.6AI score
Exploits0
Rows per page
Query Builder