CE/EE

CVEs (414)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-4006	GitLab Inc. GitLab	—	0.00	Apr 25, 2024	An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions
CVE-2024-1347	GitLab Inc. GitLab	—	0.00	Apr 25, 2024	An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain…
CVE-2024-2829	GitLab Inc. GitLab	—	0.01	Apr 25, 2024	An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
CVE-2023-6678	GitLab Inc. GitLab	—	0.00	Apr 12, 2024	An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a…
CVE-2024-2279	GitLab Inc. GitLab	—	0.01	Apr 12, 2024	An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a…
CVE-2024-3092	GitLab Inc. GitLab	—	0.01	Apr 12, 2024	An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of…
CVE-2023-6371	GitLab Inc. GitLab	—	0.00	Mar 28, 2024	An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary…
CVE-2024-2818	GitLab Inc. GitLab	—	0.00	Mar 28, 2024	An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description…
CVE-2023-4895	GitLab Inc. GitLab	—	0.00	Feb 22, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access…
CVE-2023-6477	GitLab Inc. GitLab	—	0.00	Feb 21, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be…
CVE-2024-1525	GitLab Inc. GitLab	—	0.00	Feb 21, 2024	An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password…
CVE-2024-0861	GitLab Inc. GitLab	—	0.00	Feb 21, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary…
CVE-2024-1250	GitLab Inc. GitLab	—	0.00	Feb 12, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege…
CVE-2023-6564	GitLab Inc. GitLab	—	0.00	Feb 8, 2024	An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role…
CVE-2023-6736	GitLab Inc. GitLab	—	0.00	Feb 7, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using…
CVE-2023-6840	GitLab Inc. GitLab	—	0.00	Feb 7, 2024	An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
CVE-2024-1066	GitLab Inc. GitLab	—	0.00	Feb 7, 2024	An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
CVE-2023-6159	GitLab Inc. GitLab	—	0.01	Jan 26, 2024	An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
CVE-2023-2030	GitLab Inc. GitLab	—	0.00	Jan 12, 2024	An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
CVE-2023-4812	GitLab Inc. GitLab	—	0.00	Jan 12, 2024	An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously…

CVE-2024-4006Apr 25, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions
CVE-2024-1347Apr 25, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain…
CVE-2024-2829Apr 25, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.01
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
CVE-2023-6678Apr 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a…
CVE-2024-2279Apr 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.01
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a…
CVE-2024-3092Apr 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.01
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of…
CVE-2023-6371Mar 28, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary…
CVE-2024-2818Mar 28, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description…
CVE-2023-4895Feb 22, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access…
CVE-2023-6477Feb 21, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be…
CVE-2024-1525Feb 21, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password…
CVE-2024-0861Feb 21, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary…
CVE-2024-1250Feb 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege…
CVE-2023-6564Feb 8, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role…
CVE-2023-6736Feb 7, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using…
CVE-2023-6840Feb 7, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
CVE-2024-1066Feb 7, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
CVE-2023-6159Jan 26, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.01
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.
CVE-2023-2030Jan 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
CVE-2023-4812Jan 12, 2024
GitLab Inc.
GitLab
risk 0.00cvss —epss 0.00
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously…

Page 3 of 21