7 matches found
CVE-2023-5207
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...
Code injection
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...
CVE-2023-0989 Improper Ownership Management in GitLab
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...
GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge...
PT-2023-26802 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 16.2.8 GitLab EE version 16.3 prior to 16.3.5 GitLab EE version 16.4 prior to 16.4.1 Description: A business logic error in GitLab EE allows access to internal projects. This occurs because a service account is not...
PT-2023-29496 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...
PT-2023-26824 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab EE and CE versions prior to 16.2.8 Gitlab EE and CE version 16.3 prior to 16.3.5 Gitlab EE and CE version 16.4 prior to 16.4.1 Description: The issue allows an attacker to cause pipelines to fail, resulting in a Denial of Service. This...