VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2022-2243 | Med | Jul 1, 2022
    risk 0.33 | cvss 5.0 | epss 0.01

    An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.

  • CVE-2021-22239 | Med | Sep 9, 2021
    risk 0.33 | cvss 5.0 | epss 0.01

    An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later.

  • CVE-2021-22243 | Med | Aug 25, 2021
    risk 0.33 | cvss 5.0 | epss 0.01

    Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.

  • CVE-2021-22178 | Med | Mar 24, 2021
    risk 0.33 | cvss 5.0 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.

  • CVE-2019-6784 | Med | Sep 9, 2019
    risk 0.33 | cvss 6.1 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a…

  • CVE-2019-6796 | Med | Apr 11, 2019
    risk 0.33 | cvss 6.1 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.

  • CVE-2018-14604 | Med | Jul 27, 2018
    risk 0.33 | cvss 6.1 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

  • CVE-2023-3907 | Med | Dec 17, 2023
    risk 0.32 | cvss 4.9 | epss 0.01

    A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner.

  • CVE-2023-3993 | Med | Aug 2, 2023
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.

  • CVE-2023-0805 | Med | May 3, 2023
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a…

  • CVE-2022-2456 | Med | Aug 5, 2022
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or…

  • CVE-2022-0477 | Med | Apr 25, 2022
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the…

  • CVE-2021-22253 | Med | Aug 23, 2021
    risk 0.32 | cvss 4.9 | epss 0.01

    Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access had been removed.

  • CVE-2021-22230 | Med | Jul 7, 2021
    risk 0.32 | cvss 4.9 | epss 0.01

    Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.

  • CVE-2021-22186 | Med | Mar 24, 2021
    risk 0.32 | cvss 4.9 | epss 0.01

    An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables, which should be restricted to group owners.

  • CVE-2020-13341 | Med | Oct 12, 2020
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. An insufficient permission check allows an attacker with the developer role to perform various deletions.

  • CVE-2019-13007 | Med | Mar 10, 2020
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.

  • CVE-2023-5512 | Med | Dec 15, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading…

  • CVE-2023-5226 | Med | Dec 1, 2023
    risk 0.31 | cvss 4.8 | epss 0.01

    An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor can bypass prohibited branch checks using a specially crafted…

  • CVE-2023-3401 | Med | Aug 2, 2023
    risk 0.31 | cvss 4.8 | epss 0.01

    An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories…