VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2024-4011Jun 26, 2024
    affected >= 16.1.0, < 16.11.5fixed 16.11.5

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives.

  • CVE-2024-4557Jun 26, 2024
    affected >= 1.0.0, < 16.11.5fixed 16.11.5

    Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai

  • CVE-2024-4901Jun 26, 2024
    affected >= 16.9.0, < 16.11.5fixed 16.11.5

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.

  • CVE-2024-5655Jun 26, 2024
    affected >= 15.8.0, < 16.11.5fixed 16.11.5

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.

  • CVE-2024-5430Jun 26, 2024
    affected >= 16.10.0, < 16.11.5fixed 16.11.5

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL.

  • CVE-2024-6323Jun 26, 2024
    affected >= 16.11.0, < 16.11.5fixed 16.11.5

    Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.

  • CVE-2024-5469Jun 14, 2024
    affected >= 16.10.0, < 16.10.6fixed 16.10.6

    DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.

  • CVE-2024-1736Jun 12, 2024
    affected >= 15.8.0, < 16.10.7fixed 16.10.7

    An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously craf

  • CVE-2024-1495Jun 12, 2024
    affected >= 13.1.0, < 16.10.7fixed 16.10.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.

  • CVE-2024-1963Jun 12, 2024
    affected >= 8.4.0, < 16.10.7fixed 16.10.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular e

  • CVE-2024-4201Jun 12, 2024
    affected >= 5.1.0, < 16.10.7fixed 16.10.7

    A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be mad

  • CVE-2024-5318May 24, 2024
    affected >= 11.11.0, < 16.10.6fixed 16.10.6

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

  • CVE-2023-6502May 23, 2024
    affected < 16.10.6fixed 16.10.6

    A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

  • CVE-2023-7045May 23, 2024
    affected >= 13.11.0, < 16.10.6fixed 16.10.6

    A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

  • CVE-2024-1947May 23, 2024
    affected >= 13.2.4, < 16.10.6fixed 16.10.6

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.

  • CVE-2024-5258May 23, 2024
    affected >= 16.10.0, < 16.10.6fixed 16.10.6

    An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

  • CVE-2024-2874May 23, 2024
    affected < 16.10.6fixed 16.10.6

    An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

  • CVE-2024-4835May 23, 2024
    affected >= 15.11.0, < 16.10.6fixed 16.10.6

    A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

  • CVE-2023-6682May 9, 2024
    affected >= 16.9.0, < 16.9.7fixed 16.9.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular

  • CVE-2023-6688May 9, 2024
    affected >= 16.11.0, < 16.11.2fixed 16.11.2

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.

Page 20 of 54