CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2023/10/03 4:54 p.m.•30 views

CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...

8.2CVSS6.8AI score0.00331EPSS

Exploits0References3

Prion•added 2023/09/29 8:15 a.m.•24 views

Code injection

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...

6.8CVSS6.7AI score0.00056EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/09/29 6:30 a.m.•19 views

CVE-2023-0989 Improper Ownership Management in GitLab

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...

4.3CVSS4.4AI score0.00065EPSS

Exploits0References2

Debian CVE•added 2023/09/29 6:2 a.m.•18 views

CVE-2023-3920

Removed by vendor...

4.3CVSS5.8AI score0.00319EPSS

Exploits0

Tenable Nessus•added 2023/09/29 12:0 a.m.•23 views

GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge...

8.1CVSS7.3AI score0.00013EPSS

Exploits0References3

Positive Technologies•added 2023/09/28 12:0 a.m.•2 views

PT-2023-26802 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 16.2.8 GitLab EE version 16.3 prior to 16.3.5 GitLab EE version 16.4 prior to 16.4.1 Description: A business logic error in GitLab EE allows access to internal projects. This occurs because a service account is not...

5.4CVSS6.5AI score0.00042EPSS

Exploits0References9

Positive Technologies•added 2023/09/28 12:0 a.m.•1 views

PT-2023-29496 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...

4.3CVSS6.6AI score0.00044EPSS

Exploits0References12

Positive Technologies•added 2023/09/28 12:0 a.m.•1 views

PT-2023-26824 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: Gitlab EE and CE versions prior to 16.2.8 Gitlab EE and CE version 16.3 prior to 16.3.5 Gitlab EE and CE version 16.4 prior to 16.4.1 Description: The issue allows an attacker to cause pipelines to fail, resulting in a Denial of Service. This...

7.5CVSS6.8AI score0.00067EPSS

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by