Filtered by vendor Gitlab
Subscriptions
Total
1189 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2233 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. | ||||
| CVE-2023-2164 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta. | ||||
| CVE-2023-2022 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge | ||||
| CVE-2023-1555 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 2.7 Low |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | ||||
| CVE-2023-1401 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5 Medium |
| An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | ||||
| CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 2.6 Low |
| An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | ||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | ||||
| CVE-2023-0989 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | ||||
| CVE-2023-0632 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | ||||
| CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | ||||
| CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | ||||
| CVE-2022-3331 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 3.5 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. | ||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | ||||
| CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 4.3 Medium |
| It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | ||||
| CVE-2022-2992 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 9.9 Critical |
| A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | ||||
| CVE-2022-2884 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 9.9 Critical |
| A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint | ||||
| CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | ||||
| CVE-2022-2630 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. | ||||
| CVE-2022-2592 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. | ||||