VYPR

CE/EE

by GitLab Inc.

CVEs (414)

  • CVE-2018-18649Nov 29, 2018
    GitLab Inc.
    GitLab
    risk 0.04cvss epss 0.55

    An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

  • CVE-2024-1451Feb 21, 2024
    GitLab Inc.
    GitLab
    risk 0.02cvss epss 0.29

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."

  • CVE-2023-0921Jun 6, 2023
    GitLab Inc.
    GitLab
    risk 0.02cvss epss 0.21

    A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

  • CVE-2024-2434Apr 25, 2024
    GitLab Inc.
    GitLab
    risk 0.01cvss epss 0.11

    An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

  • CVE-2023-2015Jun 7, 2023
    GitLab Inc.
    GitLab
    risk 0.01cvss epss 0.08

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows…

  • CVE-2022-3572Jan 24, 2023
    GitLab Inc.
    GitLab
    risk 0.01cvss epss 0.10

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected…

  • CVE-2022-3265Nov 9, 2022
    GitLab Inc.
    GitLab
    risk 0.01cvss epss 0.14

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed…

  • CVE-2021-22201Apr 2, 2021
    GitLab Inc.
    GitLab
    risk 0.01cvss epss 0.09

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

  • CVE-2024-5318May 24, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

  • CVE-2023-6502May 23, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

  • CVE-2023-7045May 23, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

  • CVE-2024-1947May 23, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.

  • CVE-2024-2874May 23, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

  • CVE-2023-6682May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a…

  • CVE-2023-6688May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.

  • CVE-2024-2454May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.02

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.

  • CVE-2024-2651May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown…

  • CVE-2024-4539May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.

  • CVE-2024-4597May 9, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

  • CVE-2024-4024Apr 25, 2024
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials…

Page 2 of 21