
GitLab

by GitLab Inc.


CVEs (1,214)

  • CVE-2023-3949 | Med | Dec 1, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project's release descriptions…

  • CVE-2023-4647 | Med | Sep 1, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain…

  • CVE-2023-4002 | Med | Aug 4, 2023
    risk 0.34 | cvss 5.3 | epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to…

  • CVE-2023-4008 | Med | Aug 3, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random…

  • CVE-2023-3102 | Med | Jul 21, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issues and MRs.

  • CVE-2023-3362 | Med | Jul 13, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.

  • CVE-2018-17453 | Med | Apr 15, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

  • CVE-2023-1167 | Med | Apr 5, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Improper authorization in GitLab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows unauthorized access to security reports in MR.

  • CVE-2022-4167 | Med | Jan 12, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

  • CVE-2022-3286 | Med | Oct 17, 2022
    risk 0.34 | cvss 5.3 | epss 0.00

    Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token.

  • CVE-2022-2539 | Med | Aug 5, 2022
    risk 0.34 | cvss 5.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, that allowed a project member to filter issues by contact and organization.

  • CVE-2021-39909 | Med | Nov 5, 2021
    risk 0.34 | cvss 5.3 | epss 0.01

    Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge…

  • CVE-2021-39882 | Med | Oct 5, 2021
    risk 0.34 | cvss 5.3 | epss 0.01

    In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.

  • CVE-2021-22196 | Med | Apr 2, 2021
    risk 0.34 | cvss 6.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit stored cross-site scripting in a merge request via a specifically crafted branch name.

  • CVE-2026-3848 | Med | Mar 11, 2026
    risk 0.33 | cvss 5.0 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to…

  • CVE-2023-4630 | Med | Sep 11, 2023
    risk 0.33 | cvss 5.0 | epss 0.00

    An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.

  • CVE-2022-4343 | Med | Sep 1, 2023
    risk 0.33 | cvss 5.0 | epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.

  • CVE-2023-1401 | Med | Jul 26, 2023
    risk 0.33 | cvss 5.0 | epss 0.00

    An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization.

  • CVE-2022-4462 | Med | Mar 9, 2023
    risk 0.33 | cvss 5.0 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing…

  • CVE-2022-4315 | Med | Mar 8, 2023
    risk 0.33 | cvss 5.0 | epss 0.01

    An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
