Filtered by vendor Gitlab
Subscribe
Total
1087 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4546 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2024-11-21 | 6.5 MEDIUM | N/A |
| The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | |||||
| CVE-2013-4490 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2024-11-21 | 6.5 MEDIUM | N/A |
| The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. | |||||
| CVE-2013-4489 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | N/A |
| The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. | |||||
| CVE-2024-8977 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 8.1 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. | |||||
| CVE-2024-9596 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance. | |||||
| CVE-2024-9623 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | |||||
| CVE-2024-6530 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. | |||||
| CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 2.7 LOW |
| An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | |||||
| CVE-2024-4099 | 1 Gitlab | 1 Gitlab | 2024-10-04 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection. | |||||
| CVE-2024-8974 | 1 Gitlab | 1 Gitlab | 2024-10-04 | N/A | 4.3 MEDIUM |
| Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project." | |||||
| CVE-2024-4283 | 1 Gitlab | 1 Gitlab | 2024-09-24 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. | |||||
| CVE-2024-6685 | 1 Gitlab | 1 Gitlab | 2024-09-24 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. | |||||
| CVE-2024-2800 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 7.5 HIGH |
| ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking. | |||||
| CVE-2024-4207 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |||||
| CVE-2024-8754 | 1 Gitlab | 1 Gitlab | 2024-09-14 | N/A | 8.1 HIGH |
| An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured. | |||||
| CVE-2024-8041 | 1 Gitlab | 1 Gitlab | 2024-09-11 | N/A | 6.5 MEDIUM |
| A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. | |||||
| CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-11 | N/A | 6.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. | |||||
| CVE-2024-6502 | 1 Gitlab | 1 Gitlab | 2024-09-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. | |||||
| CVE-2024-3114 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | |||||
| CVE-2024-3035 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 8.1 HIGH |
| A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | |||||