Lucene search

35 matches found

OSV
added 2025/06/26 5:31 a.m., 3 views

CVE-2025-2938 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

CVSS 3.1, AI score 6.5, EPSS 0.00052
Exploits 0, References 5

RedhatCVE
added 2025/05/11 5:7 p.m., 27 views

CVE-2025-0549

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

CVSS 6.8, AI score 6.6, EPSS 0.00058
Exploits 1, References 1

Tenable Nessus
added 2025/05/09 12:0 a.m., 16 views

GitLab 17.3 < 17.9.8 / 17.10 < 17.10.6 / 17.11 < 17.11.2 (CVE-2025-0549)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows...

CVSS 6.8, AI score 5.6, EPSS 0.00058
Exploits 1, References 4

OSV
added 2024/11/26 8:15 p.m., 0 views

UBUNTU-CVE-2024-10240

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...

CVSS 5.3, AI score 5.7, EPSS 0.00181
Exploits 0, References 4

Tenable Nessus
added 2024/11/26 12:0 a.m., 13 views

GitLab 17.3 < 17.3.7 / 17.4 < 17.4.4 / 17.5 < 17.5.2 (CVE-2024-10240)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which...

CVSS 5.3, AI score 5.5, EPSS 0.00181
Exploits 0, References 4

NVD
added 2024/11/14 11:15 a.m., 13 views

CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVSS 5.4, EPSS 0.03053
Exploits 0, References 3

OSV
added 2024/10/11 11:30 a.m., 9 views

CVE-2024-9164 Missing Authentication for Critical Function in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches...

CVSS 9.6, AI score 9.3, EPSS 0.00151
Exploits 0, References 5

OSV
added 2024/09/26 11:15 p.m., 0 views

UBUNTU-CVE-2024-8974

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project...

CVSS 4.3, AI score 5.7, EPSS 0.00063
Exploits 0, References 3

Tenable Nessus
added 2024/09/16 12:0 a.m., 14 views

GitLab 16.7 < 17.1.7 / 17.3 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-6685)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to...

CVSS 4.3, AI score 5.5, EPSS 0.0004
Exploits 0, References 4

Vulnrichment
added 2024/09/12 6:26 p.m., 16 views

CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...

CVSS 4, AI score 6.6, EPSS 0.00031
Exploits 0, References 2

CNNVD
added 2024/08/22 12:0 a.m., 3 views

GitLab Enterprise Edition and GitLab Community Edition Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab Enterprise Edition and GitLab Community Edition pri...

CVSS 6.5, AI score 6.4, EPSS 0.00081
Exploits 0, References 4

Positive Technologies
added 2024/08/10 12:0 a.m., 2 views

PT-2024-7210 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.2.9; GitLab CE/EE versions 17.3 through 17.3.5; GitLab CE/EE versions 17.4 through 17.4.2. Description: An issue was discovered in GitLab CE/EE, which allows deploy keys to push to an archived repository. Th...

CVSS 6.8, AI score 6.6, EPSS 0.00028
Exploits 0, References 16

Microsoft Security Update
added 2024/06/11 5:0 p.m., 11 views

Azure File Sync Agent v17.3 Release – June 2024 (KB5039814)

Security Update for Azure File Sync agent version 17.3.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score 7.3
Exploits 0

CNNVD
added 2024/01/22 12:0 a.m., 1 views

Apple tvOS Security Breach

Apple tvOS is an operating system for smart TVs from Apple. A security vulnerability exists in Apple tvOS version 17.3, which originates from an application that may be able to execute arbitrary code using kernel privileges...

CVSS 7.8, AI score 7.5, EPSS 0.00035
Exploits 0, References 10

CNNVD
added 2024/01/22 12:0 a.m., 1 views

Apple tvOS Security Breach

Apple tvOS is a smart TV operating system from Apple, Inc. A security vulnerability exists in Apple tvOS version 17.3, which stems from processing web content that may lead to arbitrary code execution...

CVSS 8.8, AI score 7.4, EPSS 0.00364
Exploits 0, References 9

CNNVD
added 2024/01/22 12:0 a.m., 1 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.3 and iPadOS version 17.3, which arises from an application that m...

CVSS 3.3, AI score 6.5, EPSS 0.00009
Exploits 0, References 6

CNNVD
added 2024/01/22 12:0 a.m., 1 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.3 and iPadOS version 17.3, which stems from the possibility that...

CVSS 6.2, AI score 6.5, EPSS 0.00108
Exploits 0, References 4

CNNVD
added 2024/01/22 12:0 a.m., 2 views

Apple tvOS Security Breach

Apple tvOS is a smart TV operating system from Apple. A security vulnerability exists in Apple tvOS version 17.3, which originates from a maliciously crafted web page that may be able to capture a user's fingerprint...

CVSS 6.5, AI score 6.5, EPSS 0.00477
Exploits 0, References 9

CNNVD
added 2024/01/22 12:0 a.m., 1 views

Apple tvOS Security Breach

Apple tvOS is a smart TV operating system from Apple. A security vulnerability exists in Apple tvOS version 17.3, which stems from an application that may be able to view a user's phone number in the system log...

CVSS 3.3, AI score 6.5, EPSS 0.00024
Exploits 0, References 7

CNNVD
added 2022/11/08 12:0 a.m., 1 views

Microsoft Visual Studio Security Vulnerability

Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools from Microsoft Corporation USA that includes most of the tools needed throughout the software lifecycle. A security vulnerability exists in Microsoft Visual Studio. An attacker cou...

CVSS 7.8, AI score 7.8, EPSS 0.02244
Exploits 0, References 5