The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
Max CVSS
10.0
EPSS Score
0.25%
Published
2018-12-04
Updated
2019-02-05
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
Max CVSS
10.0
EPSS Score
0.46%
Published
2019-04-17
Updated
2019-04-17
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
Max CVSS
10.0
EPSS Score
0.16%
Published
2020-09-14
Updated
2023-02-03

CVE-2021-22205

Known exploited
Public exploit
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Max CVSS
10.0
EPSS Score
97.46%
Published
2021-04-23
Updated
2022-07-12
CISA KEV Added
2021-11-03
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
Max CVSS
10.0
EPSS Score
3.28%
Published
2022-03-28
Updated
2022-04-04

CVE-2023-2825

Public exploit
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
Max CVSS
10.0
EPSS Score
9.13%
Published
2023-05-26
Updated
2023-05-29

CVE-2023-7028

Public exploit
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Max CVSS
10.0
EPSS Score
80.72%
Published
2024-01-12
Updated
2024-03-04
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
Max CVSS
9.9
EPSS Score
32.68%
Published
2021-03-24
Updated
2021-03-26
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker-controlled email address and thus, in the absence of 2FA, take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.
Max CVSS
9.9
EPSS Score
0.13%
Published
2022-06-06
Updated
2022-06-17
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
Max CVSS
9.9
EPSS Score
50.71%
Published
2022-07-01
Updated
2022-10-29
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Max CVSS
9.9
EPSS Score
0.55%
Published
2022-10-17
Updated
2023-04-03

CVE-2022-2992

Public exploit
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Max CVSS
9.9
EPSS Score
4.17%
Published
2022-10-17
Updated
2023-02-15
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Max CVSS
9.9
EPSS Score
0.07%
Published
2024-01-26
Updated
2024-01-31
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Max CVSS
9.8
EPSS Score
4.17%
Published
2018-03-21
Updated
2019-10-09
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through the web hook component, resulting in remote code execution.
Max CVSS
9.8
EPSS Score
4.17%
Published
2018-03-21
Updated
2019-10-09
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-03-24
Updated
2019-03-05
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
Max CVSS
9.8
EPSS Score
20.21%
Published
2018-07-18
Updated
2018-09-15
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
Max CVSS
9.8
EPSS Score
0.46%
Published
2018-10-03
Updated
2018-12-04
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
Max CVSS
9.8
EPSS Score
0.18%
Published
2023-04-15
Updated
2023-04-25
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-12-04
Updated
2019-10-03
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
Max CVSS
9.8
EPSS Score
8.90%
Published
2018-11-29
Updated
2020-08-24
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
Max CVSS
9.8
EPSS Score
0.38%
Published
2020-01-28
Updated
2020-01-31
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
Max CVSS
9.8
EPSS Score
0.21%
Published
2019-09-09
Updated
2020-08-24
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-04-17
Updated
2020-08-24
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).
Max CVSS
9.8
EPSS Score
0.26%
Published
2019-05-29
Updated
2020-08-24
318 vulnerabilities found