VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2023-5061 · Medium · Dec 15, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI…

  • CVE-2023-3904 · Medium · Dec 15, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the…

  • CVE-2023-4317 · Medium · Dec 1, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an…

  • CVE-2023-3964 · Medium · Dec 1, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have…

  • CVE-2023-3909 · Medium · Nov 6, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in…

  • CVE-2023-3246 · Medium · Nov 6, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block the Sidekiq job processor.

  • CVE-2023-5198 · Medium · Sep 29, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

  • CVE-2023-4532 · Medium · Sep 29, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member…

  • CVE-2023-3920 · Medium · Sep 29, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects…

  • CVE-2023-3917 · Medium · Sep 29, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.

  • CVE-2023-0989 · Medium · Sep 29, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD…

  • CVE-2023-4018 · Medium · Sep 1, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.

  • CVE-2023-4522 · Medium · Aug 30, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing an LF character results in 500 errors when viewing the commit.

  • CVE-2023-2022 · Medium · Aug 2, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even…

  • CVE-2023-4011 · Medium · Aug 2, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.

  • CVE-2023-3900 · Medium · Aug 2, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on the merge request page may lead to Denial of Service, as the Changes tab would not load.

  • CVE-2023-2576 · Medium · Jul 13, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected…

  • CVE-2023-2001 · Medium · Jun 7, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download…

  • CVE-2023-1204 · Medium · May 3, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by…

  • CVE-2018-17450 · Medium · Apr 15, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.

Page 30 of 61