← Back

Gitlab

gitlab

1,402 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,387 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,402)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-3114
1Gitlab
1Gitlab
Aug 30, 2024
Aug 8, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regu...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.Show less
CVE-2024-3035
1Gitlab
1Gitlab
Aug 29, 2024
Aug 8, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repos...Show more
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.Show less
CVE-2024-2800
1Gitlab
1Gitlab
Sep 18, 2024
Aug 8, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex back...Show more
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.Show less
CVE-2024-6329
1Gitlab
1Gitlab
Aug 23, 2024
Aug 8, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to ren...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.Show less
CVE-2024-4784
1Gitlab
1Gitlab
Aug 23, 2024
Aug 8, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
CVE-2024-4210
1Gitlab
1Gitlab
Aug 23, 2024
Aug 8, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a d...Show more
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.Show less
CVE-2024-7057
1Gitlab
1Gitlab
Nov 21, 2024
Jul 25, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be ina...Show more
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.Show less
CVE-2024-7047
1Gitlab
1Gitlab
Nov 21, 2024
Jul 25, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context...Show more
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.Show less
CVE-2024-7091
1Gitlab
1Gitlab
Nov 21, 2024
Jul 24, 2024
N/A· v4
5.0 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited info...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.Show less
CVE-2024-7060
1Gitlab
1Gitlab
Nov 21, 2024
Jul 24, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resu...Show more
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.Show less
CVE-2024-5067
1Gitlab
1Gitlab
Nov 21, 2024
Jul 24, 2024
N/A· v4
4.9 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings c...Show more
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.Show less
CVE-2024-0231
1Gitlab
1Gitlab
Nov 21, 2024
Jul 24, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
CVE-2024-6595
1Gitlab
1Gitlab
Nov 21, 2024
Jul 17, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM packag...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.Show less
CVE-2024-6385
1Gitlab
1Gitlab
Nov 21, 2024
Jul 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeli...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.Show less
CVE-2024-5470
1Gitlab
1Gitlab
Nov 21, 2024
Jul 11, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-l...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.Show less
CVE-2024-5257
1Gitlab
1Gitlab
Nov 21, 2024
Jul 11, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to m...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.Show less
CVE-2024-2880
1Gitlab
1Gitlab
Nov 21, 2024
Jul 11, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` cus...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.Show less
CVE-2024-2177
1Gitlab
1Gitlab
Dec 12, 2024
Jul 9, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth...Show more
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.Show less
CVE-2024-6323
1Gitlab
1Gitlab
Nov 21, 2024
Jun 27, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a publi...Show more
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.Show less
CVE-2024-5655
1Gitlab
1Gitlab
Nov 21, 2024
Jun 27, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeli...Show more
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.Show less