54 matches found
CVE-2025-4976 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...
PT-2025-30634 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 18.0.4 GitLab EE versions 18.1 through 18.1.2 GitLab EE versions 18.2 through 18.2.0 Description: An issue exists in GitLab EE that, under certain circumstances, could allow an attacker to access internal notes...
CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...
CVE-2022-3819
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to...
BIT-GITLAB-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
UBUNTU-CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650
CVE-2024-8650 affects GitLab CE/EE. Versions: 15.0 up to but not including 17.4.6; 17.5 up to but not including 17.5.4; 17.6 up to but not including 17.6.2. The issue allows non-member users to view unresolved threads marked as internal notes in public project merge requests. Root cause or code-l...
CVE-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
GitLab 15.0 < 17.4.6 / 17.5 < 17.5.4 / 17.6 < 17.6.2 (CVE-2024-8650)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked...
Gitlab -- Vulnerabilities
Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CIJOBTOKEN could be used to obtain GitLab session Open redirect in releases API...
PT-2024-10173 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 Description: The issue is related to insufficient authorization procedures in the Public Project Handler component o...
BIT-GITLAB-2022-3819
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to...
BIT-GITLAB-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate user input, allowing an attacker to view the count of internal notes for a given issue...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability allows a malicious attacker to apply emojis on internal notes which they don't have access to, resulting in a breach...
Tennessee Valley Authority: Admin.MyTVA.com Customer lookup and internal notes bypass
The admin.mytva.com site had a vulnerability that allowed an attacker to bypass the login and access admin-only endpoints. This could lead to unauthorized access to customer information and the ability to add internal notes...