VYPR

GitLab EE and CE

by GitLab Inc.

CVEs (41)

  • CVE-2023-3362 (Med) Jul 13, 2023
    risk 0.34, cvss 5.3, epss 0.01

    An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.

  • CVE-2023-3500 (Med) Aug 2, 2023
    risk 0.31, cvss 4.8, epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed…

  • CVE-2023-2485 (Med) Jun 7, 2023
    risk 0.29, cvss 4.4, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that…

  • CVE-2023-2015 (Med) Jun 7, 2023
    risk 0.29, cvss 4.4, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows…

  • CVE-2023-3246 (Med) Nov 6, 2023
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1, which allows an attacker to block the Sidekiq job processor.

  • CVE-2023-3917 (Med) Sep 29, 2023
    risk 0.28, cvss 4.3, epss 0.01

    Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.

  • CVE-2023-0989 (Med) Sep 29, 2023
    risk 0.28, cvss 4.3, epss 0.00

    An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD…

  • CVE-2023-2022 (Med) Aug 2, 2023
    risk 0.28, cvss 4.3, epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even…

  • CVE-2023-2576 (Med) Jul 13, 2023
    risk 0.28, cvss 4.3, epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected…

  • CVE-2023-2001 (Med) Jun 7, 2023
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download…

  • CVE-2023-1204 (Med) May 3, 2023
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by…

  • CVE-2023-0518 (Med) Feb 13, 2023
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

  • CVE-2022-4131 (Med) Jan 12, 2023
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex…

  • CVE-2023-2200 (Med) Jul 13, 2023
    risk 0.27, cvss 4.1, epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

  • CVE-2023-3363 (Low) Jul 13, 2023
    risk 0.25, cvss 3.9, epss 0.00

    An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

  • CVE-2023-2030 (Low) Jan 12, 2024
    risk 0.23, cvss 3.5, epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

  • CVE-2023-1936 (Low) Jul 11, 2023
    risk 0.23, cvss 3.5, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a…

  • CVE-2023-2233 (Low) Sep 29, 2023
    risk 0.20, cvss 3.1, epss 0.00

    An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry…

  • CVE-2023-0508 (Low) Jun 7, 2023
    risk 0.20, cvss 3.1, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

  • CVE-2023-1084 (Low) Mar 9, 2023
    risk 0.18, cvss 2.7, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a…