
7 matches found

RedhatCVE
added 2025/05/23 3:54 a.m. · 7 views

CVE-2023-3399

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...

CVSS 8.5 · AI score 6.4 · EPSS 0.00034
Exploits: 0 · References: 1
Vulnrichment
added 2023/11/06 5:30 p.m. · 15 views

CVE-2023-4700 Missing Authorization in GitLab

An authorization issue in GitLab EE, affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...

CVSS 3.5 · AI score 4.9 · EPSS 0.00006
Exploits: 0 · References: 2
Prion
added 2023/11/06 1:15 p.m. · 19 views

Design/Logic Flaw

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows attackers to block the Sidekiq job processor...

CVSS 4 · AI score 6.7 · EPSS 0.00048
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/11/06 1:15 p.m. · 0 views

UBUNTU-CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVSS 6.5 · AI score 5.7 · EPSS 0.00023
Exploits: 0 · References: 2
OSV
added 2023/11/06 12:08 p.m. · 13 views

CVE-2023-3909 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVSS 4.3 · AI score 6.3 · EPSS 0.00023
Exploits: 0 · References: 5
CVE
added 2023/11/06 10:30 a.m. · 230 views

CVE-2023-5825

GitLab CE/EE CVE-2023-5825 affects 16.2–16.3.5, 16.4.0–16.4.1, and 16.5.0 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path, causing memory exhaustion via an infinite loop and Denial of Service. Impact: availability only. Remediation: upgrade to GitLab 16.3...

CVSS 6.5 · AI score 6.3 · EPSS 0.00478
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/11/06 12:00 a.m. · 2 views

PT-2023-23803 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions prior to 16.3.6; GitLab EE/CE versions 16.4.0 through 16.4.1; GitLab EE/CE versions 16.5.0. Description: An issue has been discovered in GitLab EE/CE that allows attackers to block the Sidekiq job processor. Recommendations...

CVSS 4.3 · AI score 6.5 · EPSS 0.00048
Exploits: 0 · References: 12