BIT-GITLAB-2024-6685 Authorization Bypass Through User-Controlled Key in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition. An attacker exploited the vulnerability to allow account takeover by compromising the OAuth process. The following versions are affected:...

GitLab 16.7 < 17.1.7 / 17.3 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-6685)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to...

CVE-2024-8641

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...

CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...

CVE-2024-8641 Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

CVE-2024-8641

Removed by vendor...

UBUNTU-CVE-2024-6389

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...

CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

CVE-2024-8635

CVE-2024-8635 is a server-side request forgery (SSRF) in GitLab Enterprise Edition (EE). Affected: GitLab EE versions starting 16.8 up to but not including 17.1.7, 17.2 up to but not including 17.2.5, and 17.3 up to but not including 17.3.2. Root cause: abuse of a custom Maven Dependency Proxy UR...

CVE-2024-8640

Removed by vendor...

GitLab 15.10 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-5435)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab EE versions prior to 17.2 to 17.2.5...