Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to insufficient input sanitization in the library's markdown handling, allowing an attacker to inject and execute malicious JavaScript through maliciously crafted markdown...
Improper Access Control
gitlab is vulnerable to an Improper Access Control vulnerability. This vulnerability occurs due to a flaw in the way that GitLab handles protected branches. An attacker can exploit this vulnerability to push to protected branches that were restricted to deploy keys...
Cross-Site Request Forgery (CSRF)
gitlab is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in the GraphQL API, allowing an attacker to call mutations as the victim...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the library's Feature Flag name handling, which allows an attacker to inject and execute malicious flag names through a PUT request triggered by clicking on a link...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute malicious JavaScript through the blob viewer of notebooks...
Access Control Bypass
gitlab is vulnerable to Access Control Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a project fork done by a project member...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker with high privilege can obtain sensitive information from log files because the sensitive information is not correctly registered for log masking...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles signed commits. An attacker can exploit this vulnerability to spoof the author of a commit by using a valid certificate that has been signed by a trusted CA...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists because an attacker can cause uncontrolled resource consumption with a very long issue or merge request description, leading to an application crash...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists because an attacker can cause uncontrolled resource consumption with a specially crafted issue or merge request, leading to an application crash...
Cross-Site Leak
gitlab is vulnerable to Cross-Site Leak. The vulnerability exists in the OAuth flow, allowing an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. This vulnerability occurs due to a flaw in the way that GitLab handles requests to the internal network for webhooks. An attacker can exploit this vulnerability to make HTTP requests to arbitrary domains of the attacker's choosing...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles the GitLab Runner API. An attacker can exploit this vulnerability to inject arbitrary code into the GitLab Runner process...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. This vulnerability occurs due to a flaw in the way that GitLab handles the API endpoints for querying repository branches. An attacker can exploit this vulnerability to retrieve a large number of branches, which can lead to a denial-of-servic...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles GraphQL mutations. An attacker can exploit this vulnerability to perform Git actions even if they are not authorized to do so...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles the issue creation and update APIs. An attacker can exploit this vulnerability to change the timestamp for issue creation or update, even if they do not have the permission to do...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because the pull mirror credentials are exposed to maintainers, since they are stored in plain text...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library does not properly validate image files, allowing an attacker to inject and execute malicious commands through the file parser...
Arbitrary File Read
gitlab is vulnerable to Arbitrary File Read. This vulnerability occurs due to a flaw in the way that GitLab handles Wiki pages. An attacker can exploit this vulnerability to read arbitrary files on the server, including files that are not accessible to normal users...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a public project fork, even if the attacker does not have permissions t...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. This vulnerability occurs due to a flaw in the way that GitLab handles the API endpoints for managing project permissions. An attacker can exploit this vulnerability to force a user to grant them permissions to a project, even if the user does not...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles the import feature. An attacker can exploit this vulnerability to read arbitrary files on the server, including files that are not accessible to normal users...
Buffer Overflow
osslsigncode is vulnerable to Buffer Overflows. This vulnerability occurs due to a flaw in the way that mtrojnar osslsigncode handles the processing of large files. An attacker can exploit this vulnerability to cause a denial-of-service DoS attack or potentially execute arbitrary code on the syst...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute malicious JavaScript through scoped labels...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This vulnerability allows an authenticated user to delete incident metric images of public projects due to improper authorization mechanisms...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute malicious JavaScript through a merge request with a maliciously crafted branch name...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists due to an infinite loop when an authenticated user with specific rights accesses an MR whose source and target branches point to each other, leading to an application crash...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability occurs because marshalled session keys were being stored in Redis, resulting in Cleartext Storage of Sensitive Information...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This issue allows a member of a private group to validate the use of a specific name for a private project, resulting in the generation of an error message containing sensitive information...
Arbitrary Code Execution
gitlab is vulnerable to Arbitrary Code Execution. An attacker can inject and execute malicious code on the server...
Path Traversal
gitlab is vulnerable to Path Traversal. The vulnerability results in the leakage of JWT tokens via path traversal...
Improper Certificate Validation
gitlab is vulnerable to Improper Certificate Validation. This vulnerability occurs due to a security issue in certificate validation for the Fortinet OTP, leading to an authentication issue...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability allows confidential issue titles to become readable by unauthorized users through branch logs...
Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. This allows a group maintainer to modify the group CI/CD variables, resulting in an authorization issue...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This allows a local authenticated user to gain access to server logs, resulting in the disclosure of sensitive information...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. This could be exploited with user interaction due to a stored XSS in the epics page...
Uncontrolled Resource Consumption
gitlab is vulnerable to Uncontrolled Resource Consumption. This allows a malicious attacker to create a recursive pipeline relation, resulting in them being able to exhaust resources...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This occurs due to improper access control, which allows unauthorized users to access details on analytics pages...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability occurs through the outbound requests feature, causing an SSRF...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. This vulnerability occurs through the Prometheus integration in GitLab, which could lead to an SSRF attack...
Uncontrolled Resource Consumption
gitlab is vulnerable to Uncontrolled Resource Consumption. This allows a malicious attacker to spike the server resource utilization, resulting in a potential denial of service...
Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. The vulnerability allows demoted project members to gain access to details on authored merge requests due to improper access controls...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability occurs when requests to the internal network for webhooks are enabled, allowing an unauthenticated attacker to exploit it even on a GitLab instance where registration is disabled...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This allows a malicious user in a private project to view tag data on release pages due to improper authorization checks within gitlab...
Improper Authentication
gitlab is vulnerable to Improper Authentication. The vulnerability allows a malicious attacker to steal a user's API token via a malicious link due to insufficient validation...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows a malicious attacker to decrypt content from the database due to a broken cryptographic algorithm...
Uncontrolled Resource Consumption
gitlab is vulnerable to Uncontrolled Resource Consumption. This results in a regular expression denial of service, leading to resource exhaustion...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the incorrect header implementation in the project page, which allows an attacker to have temporary read access to the private repository...
Arbitrary Code Execution
Bitcoin and Dogecoin are vulnerable to Arbitrary Code Execution. The vulnerability is due to the application unsafely passing the -platformpluginpath argument, which can be triggered by a .desktop file, resulting in arbitrary code execution...
Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. This allows a malicious attacker in possession of a project deploy token to use it from any location even if IP address restrictions were set...