Filtered by vendor Gitlab
Subscriptions
Total
1216 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2485 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 4.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | ||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 5.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | ||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 7.5 High |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | ||||
| CVE-2022-4007 | 1 Gitlab | 1 Gitlab | 2025-03-12 | 5.4 Medium |
| A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2025-0475 | 1 Gitlab | 1 Gitlab | 2025-03-07 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances. | ||||
| CVE-2025-0555 | 1 Gitlab | 1 Gitlab | 2025-03-04 | 7.7 High |
| A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions. | ||||
| CVE-2022-4315 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-03-04 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | ||||
| CVE-2024-8186 | 1 Gitlab | 1 Gitlab | 2025-03-03 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations. | ||||
| CVE-2023-1084 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 2.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. | ||||
| CVE-2023-1072 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. | ||||
| CVE-2023-0483 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. | ||||
| CVE-2023-0223 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. | ||||
| CVE-2023-0050 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 8.7 High |
| An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2022-4462 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. | ||||
| CVE-2022-4331 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. | ||||
| CVE-2022-3767 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-02-28 | 7.7 High |
| Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. | ||||
| CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | ||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | ||||
| CVE-2022-4317 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-02-28 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | ||||
| CVE-2023-0326 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-02-19 | 5 Medium |
| An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence. | ||||