GitLab Latest Vulnerabilities
November 14
Unauthorized Access to Kubernetes Agent in GitLab CE/EE Clusters
CVE-2024-9693
Gitlab Gitlab 8.5 HIGH
GitLab CE/EE XSS Vulnerability
CVE-2024-8180
GitLab
October 24
GitLab Discovers Security Issue Allowing Denial of Service Attacks
CVE-2024-6826
Gitlab Gitlab 6.5 MEDIUM
GitLab CE/EE vulnerable to XSS via Global Search field
CVE-2024-8312
Gitlab Gitlab 8.7 HIGH
October 11
GitLab Pipeline Attack Vulnerability Affects Multiple Versions
CVE-2024-8970
Gitlab Gitlab 8.2 HIGH
Guest User API Vulnerability Affects GitLab Versions
CVE-2024-5005
Gitlab Gitlab 4.3 MEDIUM
Arbitrary Pipeline Access Vulnerability in GitLab EE
CVE-2024-9164
Gitlab Gitlab 9.6 CRITICAL
October 10
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-6530
Gitlab Gitlab 5.4 MEDIUM
GitLab EE Vulnerable to SSRF Attacks
CVE-2024-8977
Gitlab Gitlab 8.1 HIGH
Unauthenticated Version Number Disclosure Vulnerability Affects GitLab EE
CVE-2024-9596
Gitlab Gitlab 5.3 MEDIUM
Deploy Keys Vulnerability Affects All Versions of GitLab CE/EE
CVE-2024-9623
Gitlab Gitlab 6.5 MEDIUM
October 1
Insufficient Warning on Merge Rights for Protected Branches
CVE-2023-3441
Gitlab Gitlab 6.6 MEDIUM
September 26
Unsanitized Content Leads to Potential Attack in GitLab EE
CVE-2024-4099
GitLab Gitlab 5.3 MEDIUM
Private Project Path Disclosure in GitLab EE/CE
CVE-2024-8974
Gitlab Gitlab 4.3 MEDIUM
Information Disclosure Vulnerability in GitLab EE
CVE-2024-4278
Gitlab Gitlab 2.7 LOW
September 16
CVE-2024-6685
Gitlab Gitlab 4.3 MEDIUM
CVE-2024-4283
Gitlab Gitlab 6.1 MEDIUM
September 12
Insertion of Sensitive Information into Log File in GitLab
CVE-2024-4472
Gitlab Gitlab 5.5 MEDIUM
Improper Protection of Alternate Path in GitLab
CVE-2024-8311
Gitlab Gitlab 6.5 MEDIUM
Privilege Context Switching Error in GitLab
CVE-2024-8641
Gitlab Gitlab 8.8 HIGH
Security Vulnerability Impacts All Versions of GitLab
CVE-2024-6678
Gitlab Gitlab 8.8 HIGH
Business Logic Errors in GitLab
CVE-2024-6446
Gitlab Gitlab 3.5 LOW
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
CVE-2024-6389
Gitlab Gitlab 4.3 MEDIUM
Generation of Error Message Containing Sensitive Information in GitLab
CVE-2024-5435
Gitlab Gitlab 6.5 MEDIUM
Missing Authorization in GitLab
CVE-2024-4660
Gitlab Gitlab 7.5 HIGH
URL Redirection to Untrusted Site ('Open Redirect') in GitLab
CVE-2024-4612
Gitlab Gitlab 6.1 MEDIUM
Privilege Defined With Unsafe Actions in GitLab
CVE-2024-8631
Gitlab Gitlab 7.2 HIGH
Incorrect Authorization in GitLab
CVE-2024-2743
Gitlab Gitlab 9.1 CRITICAL
CVE-2024-8754
Gitlab Gitlab 8.1 HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
CVE-2024-8640
Gitlab Gitlab 8.8 HIGH
Inefficient Regular Expression Complexity in GitLab
CVE-2024-8124
Gitlab Gitlab 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitLab
CVE-2024-8635
Gitlab Gitlab 6.5 MEDIUM
August 22
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-8041
Gitlab Gitlab 6.5 MEDIUM
GitLab EE Vulnerability: Bypassing IP Restriction for Unauthorized Access
CVE-2024-3127
Gitlab Gitlab 4.3 MEDIUM
GitLab CE/EE Vulnerability Allows Attackers to Create Branches with same Name as Deleted Tags
CVE-2024-6502
Gitlab Gitlab 6.5 MEDIUM
Arbitrary Command Execution Through Prompt Injection in GitLab EE
CVE-2024-7110
Gitlab Gitlab 6.4 MEDIUM
August 8
Denial of Service Vulnerability in GitLab RefMatcher Affects All Prior Versions
CVE-2024-2800
Gitlab Gitlab 7.5 HIGH
GitLab Permission Check Vulnerability Affects User Repositories
CVE-2024-3035
Gitlab Gitlab 8.1 HIGH
Invalid Commit Processing Can Lead to Regular Expression DoS Attack on Server
CVE-2024-3114
Gitlab Gitlab 6.5 MEDIUM
GitLab Disclosure: Security Vulnerability in Web Application and Git Command Line Interface
CVE-2024-3958
Gitlab Gitlab 6.5 MEDIUM
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-4207
Gitlab Gitlab 5.4 MEDIUM
Banzai Pipeline Vulnerabilities Lead to Resource Exhaustion in GitLab
CVE-2024-5423
Gitlab Gitlab 6.5 MEDIUM
Access Tokens May Have Been Logged in Certain Conditions
CVE-2024-7554
Gitlab Gitlab 6.5 MEDIUM
GitLab Discloses Critical DoS Flaw Affecting Multiple Versions
CVE-2024-7610
Gitlab Gitlab 6.5 MEDIUM
GitLab CE/EE under attack: Crafted Adoc files can cause Denial of Service
CVE-2024-4210
Gitlab Gitlab 6.5 MEDIUM
Bypassing Password Re-entry Requirement in GitLab EE
CVE-2024-4784
Gitlab Gitlab 5.4 MEDIUM
Diff Rendering Failure in GitLab CE/EE
CVE-2024-6329
Gitlab Gitlab 7.5 HIGH
July 25
Cross Site Scripting Vulnerability Affects GitLab
CVE-2024-7047
Gitlab Gitlab 5.4 MEDIUM
Information Disclosure Vulnerability in GitLab CE/EE Could Leak Job Artifacts
CVE-2024-7057
Gitlab Gitlab 4.3 MEDIUM
July 24
Unauthorized Information Disclosure Vulnerability in GitLab CE/EE Project/Group Exports
CVE-2024-7060
Gitlab Gitlab 6.5 MEDIUM
Security Vulnerability in GitLab Exposes Limited Information of Exported Groups or Projects
CVE-2024-7091
Gitlab Gitlab 5 MEDIUM
Attackers Can Misdirect Commits via Repository Import Vulnerability
CVE-2024-0231
Gitlab Gitlab 2.7 LOW
Vulnerability in GitLab EE Could Leak Project-Level Analytics to Group Members
CVE-2024-5067
Gitlab Gitlab 4.9 MEDIUM
July 17
Possible upload of conflicting NPM package data
CVE-2024-6595
Gitlab Gitlab 5.3 MEDIUM
July 11
Ban Group Members Vulnerability Affects GitLab Versions
CVE-2024-2880
Gitlab Gitlab 2.7 LOW
Developer User May Modify Group namespace URL
CVE-2024-5257
Gitlab Gitlab 4.9 MEDIUM
Guest Users May Have Been Able to Create Project-Level Deploy Tokens
CVE-2024-5470
Gitlab Gitlab 3.8 LOW
GitLab CE/EE Vulnerability Allows Attacker to Trigger Pipeline as Another User
CVE-2024-6385
Gitlab Gitlab 9.6 CRITICAL
July 9
Improper Restriction of Rendered UI Layers or Frames in GitLab
CVE-2024-2177
Gitlab Gitlab 6.8 MEDIUM
June 27
GitLab CE/EE Vulnerability: Project Maintainer Can Delete Merge Request Approval Policy via GraphQL
CVE-2024-5430
Gitlab Gitlab 6.8 MEDIUM
GitLab Under Attack: Multiple DoS Vulnerabilities Discovered
CVE-2024-4557
Gitlab Gitlab 6.5 MEDIUM
Non-Project Members Can Promote Key Results to Objectives Vulnerability
CVE-2024-4011
Gitlab Gitlab 4.3 MEDIUM
Attacker can trigger pipeline as another user
CVE-2024-5655
Gitlab Gitlab 9.6 CRITICAL
Private Job Artifacts Accessible to Any User
CVE-2024-3959
Gitlab Gitlab 6.5 MEDIUM
GitLab EE Vulnerability Allows Access to Issues and Epics Without SSO Session
CVE-2024-3115
Gitlab Gitlab 4.3 MEDIUM
GitLab CE/EE Vulnerability Could Lead to Regular Expression DoS Attack
CVE-2024-1493
Gitlab Gitlab 6.5 MEDIUM
Stored XSS vulnerability in GitLab CE/EE could allow for malicious commit notes to be imported
CVE-2024-4901
Gitlab Gitlab 8.7 HIGH
Attacker Can Leak Private Repository Content in Public Project via Improper Authorization
CVE-2024-6323
Gitlab Gitlab 7.5 HIGH
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-1816
Gitlab Gitlab 5.3 MEDIUM
Publicly Visible Merge Request Titles in GitLab
CVE-2024-2191
Gitlab Gitlab 5.3 MEDIUM
June 14
KAS under attack: DoS vulnerability affects all versions
CVE-2024-5469
Gitlab Gitlab 4.3 MEDIUM
June 12
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-4201
Gitlab Gitlab 4.4 MEDIUM
GitLab Asana Integration Vulnerability Could Lead to Denial of Service
CVE-2024-1963
Gitlab Gitlab 6.5 MEDIUM
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-1495
Gitlab Gitlab 6.5 MEDIUM
GitLab CI/CD Pipeline Editor Vulnerability Could Lead to Denial of Service Attacks
CVE-2024-1736
Gitlab Gitlab 6.5 MEDIUM
May 24
Private Project Dependency Lists Exposed Through Job Artifacts
CVE-2024-5318
Gitlab Gitlab 4 MEDIUM
May 23
GitLab Denial of Service Vulnerability Affects Multiple Versions
CVE-2023-6502
Gitlab Gitlab 4.3 MEDIUM
GitLab CSRF Vulnerability Affects Kubernetes Agent Server
CVE-2023-7045
Gitlab Gitlab 5.4 MEDIUM
GitLab CE/EE Under Attack: Denial of Service Vulnerability Discovered
CVE-2024-1947
Gitlab Gitlab 4.3 MEDIUM
GitLab Authorization Vulnerability: Bypass Pipeline Authorization Logic
CVE-2024-5258
Gitlab Gitlab 4.4 MEDIUM
Crafted Runner Description Can Disrupt GitLab Web Resources
CVE-2024-2874
Gitlab Gitlab 6.5 MEDIUM
GitLab XSS Vulnerability Affects Sensitive User Information
CVE-2024-4835
Gitlab Gitlab 8 HIGH
May 14
GitLab EE Vulnerability: CSRF Attack on SAML Sessions
CVE-2024-4597
Gitlab Gitlab 5.7 MEDIUM
GitLab CE/EE Vulnerability: Denial of Service via API Abuse
CVE-2024-4539
Gitlab Gitlab 4.3 MEDIUM
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-2651
Gitlab Gitlab 6.5 MEDIUM
GitLab CE/EE Under DoS Attack via Pins Endpoint
CVE-2024-2454
Gitlab Gitlab 6.5 MEDIUM
GitLab CE/EE Vulnerability: Regular Expression DoS Attack on Server
CVE-2023-6682
Gitlab Gitlab 6.5 MEDIUM
Regular Expression DoS Attack on Server
CVE-2023-6688
Gitlab Gitlab 6.5 MEDIUM
April 25
GitLab Account Takeover Vulnerability Affects All Versions
CVE-2024-4024
Gitlab Gitlab 7.3 HIGH
Personal Access Scopes Not Honored in GitLab GraphQL Subscriptions
CVE-2024-4006
Gitlab Gitlab 4.3 MEDIUM
Email Address Attack Bypasses Domain-Based Restrictions
CVE-2024-1347
Gitlab Gitlab 4.3 MEDIUM
GitLab CE/EE Vulnerability: Path Traversal Leads to DoS and Restricted File Read
CVE-2024-2434
Gitlab Gitlab 8.5 HIGH
GitLab CE/EE Vulnerability: Denial of Service via Crafted Wildcard Filter in FileFinder
CVE-2024-2829
Gitlab Gitlab 7.5 HIGH
April 12
GitLab Denial of Service Vulnerability Affects Chat Integration
CVE-2023-6489
Gitlab Gitlab 4.3 MEDIUM
GitLab EE Under Denial of Service Attack Due to Malicious JUnit Test Report File
CVE-2023-6678
Gitlab Gitlab 4.3 MEDIUM
GitLab CE/EE Vulnerability: Stored XSS Flaw Affects All Versions
CVE-2024-2279
Gitlab Gitlab 8.7 HIGH
Stored XSS Vulnerability Affects GitLab CE/EE Versions
CVE-2024-3092
Gitlab Gitlab 8.7 HIGH
March 28
GitLab CE/EE Vulnerability: Stored XSS Flaw Affects All Versions
CVE-2023-6371
Gitlab Gitlab 8.7 HIGH
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-2818
Gitlab Gitlab 4.3 MEDIUM
March 7
GitLab Authorization Bypass Vulnerability Affects Multiple Versions
CVE-2024-0199
Gitlab Gitlab 7.7 HIGH