VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2024-9367Dec 12, 2024
    affected >= 13.9.0, < 17.4.6fixed 17.4.6

    An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing tem

  • CVE-2024-9387Dec 12, 2024
    affected >= 11.8.0, < 17.4.6fixed 17.4.6

    An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

  • CVE-2024-10043Dec 12, 2024
    affected >= 14.3.0, < 17.4.6fixed 17.4.6

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Dif

  • CVE-2024-11274Dec 12, 2024
    affected >= 16.1.0, < 17.4.6fixed 17.4.6

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

  • CVE-2024-12570Dec 12, 2024
    affected >= 13.7.0, < 17.4.6fixed 17.4.6

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to

  • CVE-2024-12292Dec 12, 2024
    affected >= 11.0.0, < 17.4.6fixed 17.4.6

    An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

  • CVE-2024-10240Nov 26, 2024
    affected >= 17.3.0, < 17.3.7fixed 17.3.7

    An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a p

  • CVE-2024-11828Nov 26, 2024
    affected >= 13.2.4, < 17.4.5fixed 17.4.5

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regr

  • CVE-2024-11669Nov 26, 2024
    affected >= 16.9.8, < 17.4.5fixed 17.4.5

    An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

  • CVE-2024-8114Nov 26, 2024
    affected >= 8.12.0, < 17.4.5fixed 17.4.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.

  • CVE-2024-8177Nov 26, 2024
    affected >= 15.6.0, < 17.4.5fixed 17.4.5

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

  • CVE-2024-8237Nov 26, 2024
    affected >= 12.6.0, < 17.4.5fixed 17.4.5

    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

  • CVE-2024-11668Nov 26, 2024
    affected >= 16.11.0, < 17.4.5fixed 17.4.5

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.

  • CVE-2024-9633Nov 14, 2024
    affected >= 16.3.0, < 17.3.7fixed 17.3.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing uni

  • CVE-2024-7404Nov 14, 2024
    affected >= 17.2.0, < 17.3.7fixed 17.3.7

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.

  • CVE-2024-8648Nov 14, 2024
    affected >= 16.0.0, < 17.3.7fixed 17.3.7

    An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.

  • CVE-2024-8180Nov 14, 2024
    affected >= 17.3.0, < 17.3.7fixed 17.3.7

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.

  • CVE-2024-9693Nov 14, 2024
    affected >= 16.0.0, < 17.3.7fixed 17.3.7

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configur

  • CVE-2024-6826Oct 24, 2024
    affected >= 11.2.0, < 17.3.6fixed 17.3.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.

  • CVE-2024-8312Oct 24, 2024
    affected >= 15.10.0, < 17.3.6fixed 17.3.6

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.

Page 16 of 54