Gitlab Latest Vulnerabilities
December 16
Unauthorized Data Exposure Vulnerability in GitLab
CVE-2024-8116
Gitlab | Gitlab | 5.3 | MEDIUM
Access Control Vulnerability in GitLab CE/EE Revealed
CVE-2024-8650
Gitlab | Gitlab | 5.3 | MEDIUM
December 12
GitLab Anti-CSRF Token Leak Vulnerability
CVE-2024-8647
GitLab
GitLab CE/EE Vulnerability: XSS Through Improper Output Encoding
CVE-2024-8179
GitLab
Remote access vulnerability in GitLab Wiki History Diff
CVE-2024-10043
Gitlab | Gitlab | 3.1 | LOW
GitLab Experiences Denial of Service Vulnerability
CVE-2024-8233
GitLab
Uncontrolled CPU Consumption Vulnerability in GitLab CE/EE Could Lead to Denial of Service
CVE-2024-9367
GitLab
GitLab Open Redirect Vulnerability Affects Multiple Versions
CVE-2024-9387
Gitlab | Gitlab | 6.4 | MEDIUM
Session Data Exfiltration Vulnerability in GitLab CE/EE
CVE-2024-11274
Gitlab | Gitlab | 8.7 | HIGH
Possible Token Tokenification Vulnerability in GitLab
CVE-2024-12570
Gitlab | Gitlab | 6.7 | MEDIUM
Sensitive Information Retention in GitLab GraphQL Logs
CVE-2024-12292
Gitlab | Gitlab | 4 | MEDIUM
November 26
Unauthenticated user may read private project MR information
CVE-2024-10240
Gitlab | Gitlab | 5.3 | MEDIUM
GitLab DoS Vulnerability
CVE-2024-11828
Gitlab | Gitlab | 7.5 | HIGH
Unauthorized Access to Sensitive Data Due to Overly Broad Token Scopes in GitLab CE/EE
CVE-2024-11669
Gitlab | Gitlab | 7.5 | HIGH
GitLab CE/EE Privilege Escalation Vulnerability
CVE-2024-8114
Gitlab | Gitlab | 8.8 | HIGH
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-8177
Gitlab | Gitlab | 7.5 | HIGH
GitLab CE/EE Under Attack: Denial of Service Vulnerability Affects All Versions
CVE-2024-8237
Gitlab | Gitlab | 7.5 | HIGH
Unauthorized Access via Long-Lived Connections Found in GitLab
CVE-2024-11668
Gitlab | Gitlab | 5.3 | MEDIUM
November 14
Incorrect Ownership Assignment in GitLab
CVE-2024-9633
Gitlab | Gitlab | 7.5 | HIGH
CVE-2024-7404
Gitlab | Gitlab | 6.5 | MEDIUM
CVE-2024-8648
Gitlab | Gitlab | 6.1 | MEDIUM
GitLab CE/EE XSS Vulnerability
CVE-2024-8180
GitLab | Gitlab | 5.4 | MEDIUM
Unauthorized Access to Kubernetes Agent in GitLab CE/EE Clusters
CVE-2024-9693
Gitlab | Gitlab | 8.8 | HIGH
October 24
GitLab Discovers Security Issue Allowing Denial of Service Attacks
CVE-2024-6826
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab CE/EE vulnerable to XSS via Global Search field
CVE-2024-8312
Gitlab | Gitlab | 5.4 | MEDIUM
October 11
GitLab Pipeline Attack Vulnerability Affects Multiple Versions
CVE-2024-8970
Gitlab | Gitlab | 8.8 | HIGH
Guest User API Vulnerability Affects GitLab Versions
CVE-2024-5005
Gitlab | Gitlab | 4.3 | MEDIUM
Arbitrary Pipeline Access Vulnerability in GitLab EE
CVE-2024-9164
Gitlab | Gitlab | 8.8 | HIGH
October 10
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-6530
Gitlab | Gitlab | 5.4 | MEDIUM
GitLab EE Vulnerable to SSRF Attacks
CVE-2024-8977
Gitlab | Gitlab | 8.1 | HIGH
Unauthenticated Version Number Disclosure Vulnerability Affects GitLab EE
CVE-2024-9596
Gitlab | Gitlab | 5.3 | MEDIUM
Deploy Keys Vulnerability Affects All Versions of GitLab CE/EE
CVE-2024-9623
Gitlab | Gitlab | 6.5 | MEDIUM
October 1
Insufficient Warning on Merge Rights for Protected Branches
CVE-2023-3441
Gitlab | Gitlab | 9.1 | CRITICAL
September 26
Private Project Path Disclosure in Gitlab EE/CE
CVE-2024-8974
Gitlab | Gitlab | 4.3 | MEDIUM
Unsanitized Content Leads to Potential Attack in GitLab EE
CVE-2024-4099
GitLab | Gitlab | 5.3 | MEDIUM
Information Disclosure Vulnerability in GitLab EE
CVE-2024-4278
Gitlab | Gitlab | 2.7 | LOW
September 16
CVE-2024-4283
Gitlab | Gitlab | 6.1 | MEDIUM
CVE-2024-6685
Gitlab | Gitlab | 4.3 | MEDIUM
September 12
Insertion of Sensitive Information into Log File in GitLab
CVE-2024-4472
Gitlab | Gitlab | 5.5 | MEDIUM
Improper Protection of Alternate Path in GitLab
CVE-2024-8311
Gitlab | Gitlab | 6.5 | MEDIUM
Privilege Context Switching Error in GitLab
CVE-2024-8641
Gitlab | Gitlab | 8.8 | HIGH
Security Vulnerability Impacts All Versions of GitLab
CVE-2024-6678
Gitlab | Gitlab | 8.8 | HIGH
Server-Side Request Forgery (SSRF) in GitLab
CVE-2024-8635
Gitlab | Gitlab | 6.5 | MEDIUM
Business Logic Errors in GitLab
CVE-2024-6446
Gitlab | Gitlab | 3.5 | LOW
Inefficient Regular Expression Complexity in GitLab
CVE-2024-8124
Gitlab | Gitlab | 7.5 | HIGH
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
CVE-2024-6389
Gitlab | Gitlab | 4.3 | MEDIUM
Generation of Error Message Containing Sensitive Information in GitLab
CVE-2024-5435
Gitlab | Gitlab | 6.5 | MEDIUM
Missing Authorization in GitLab
CVE-2024-4660
Gitlab | Gitlab | 7.5 | HIGH
Privilege Defined With Unsafe Actions in GitLab
CVE-2024-8631
Gitlab | Gitlab | 7.2 | HIGH
Incorrect Authorization in GitLab
CVE-2024-2743
Gitlab | Gitlab | 9.1 | CRITICAL
URL Redirection to Untrusted Site ('Open Redirect') in GitLab
CVE-2024-4612
Gitlab | Gitlab | 6.1 | MEDIUM
CVE-2024-8754
Gitlab | Gitlab | 8.1 | HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
CVE-2024-8640
Gitlab | Gitlab | 8.8 | HIGH
August 22
GitLab CE/EE Vulnerability Allows Attackers to Create Branches with same Name as Deleted Tags
CVE-2024-6502
Gitlab | Gitlab | 6.5 | MEDIUM
Arbitrary Command Execution Through Prompt Injection in GitLab EE
CVE-2024-7110
Gitlab | Gitlab | 6.4 | MEDIUM
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-8041
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab EE Vulnerability: Bypassing IP Restriction for Unauthorized Access
CVE-2024-3127
Gitlab | Gitlab | 4.3 | MEDIUM
August 8
Denial of Service Vulnerability in GitLab RefMatcher Affects All Prior Versions
CVE-2024-2800
Gitlab | Gitlab | 7.5 | HIGH
GitLab Permission Check Vulnerability Affects User Repositories
CVE-2024-3035
Gitlab | Gitlab | 8.1 | HIGH
Invalid Commit Processing Can Lead to Regular Expression DoS Attack on Server
CVE-2024-3114
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab Disclosure: Security Vulnerability in Web Application and Git Command Line Interface
CVE-2024-3958
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-4207
Gitlab | Gitlab | 5.4 | MEDIUM
Banzai Pipeline Vulnerabilities Lead to Resource Exhaustion in GitLab
CVE-2024-5423
Gitlab | Gitlab | 6.5 | MEDIUM
Access Tokens May Have Been Logged in Certain Conditions
CVE-2024-7554
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab Discloses Critical DoS Flaw Affecting Multiple Versions
CVE-2024-7610
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab CE/EE under attack: Crafted Adoc files can cause Denial of Service
CVE-2024-4210
Gitlab | Gitlab | 6.5 | MEDIUM
Bypassing Password Re-entry Requirement in GitLab EE
CVE-2024-4784
Gitlab | Gitlab | 5.4 | MEDIUM
Diff Rendering Failure in GitLab CE/EE
CVE-2024-6329
Gitlab | Gitlab | 7.5 | HIGH
July 25
Cross Site Scripting Vulnerability Affects GitLab
CVE-2024-7047
Gitlab | Gitlab | 5.4 | MEDIUM
Information Disclosure Vulnerability in GitLab CE/EE Could Leak Job Artifacts
CVE-2024-7057
Gitlab | Gitlab | 4.3 | MEDIUM
July 24
Unauthorized Information Disclosure Vulnerability in GitLab CE/EE Project/Group Exports
CVE-2024-7060
Gitlab | Gitlab | 6.5 | MEDIUM
Security Vulnerability in GitLab Exposes Limited Information of Exported Groups or Projects
CVE-2024-7091
Gitlab | Gitlab | 5 | MEDIUM
Attackers Can Misdirect Commits via Repository Import Vulnerability
CVE-2024-0231
Gitlab | Gitlab | 2.7 | LOW
Vulnerability in GitLab EE Could Leak Project-Level Analytics to Group Members
CVE-2024-5067
Gitlab | Gitlab | 4.9 | MEDIUM
July 17
Possible upload of conflicting NPM package data
CVE-2024-6595
Gitlab | Gitlab | 5.3 | MEDIUM
July 11
Ban Group Members Vulnerability Affects GitLab Versions
CVE-2024-2880
Gitlab | Gitlab | 2.7 | LOW
Developer User May Modify Group namespace URL
CVE-2024-5257
Gitlab | Gitlab | 4.9 | MEDIUM
Guest Users May Have Been Able to Create Project-Level Deploy Tokens
CVE-2024-5470
Gitlab | Gitlab | 3.8 | LOW
GitLab CE/EE Vulnerability Allows Attacker to Trigger Pipeline as Another User
CVE-2024-6385
Gitlab | Gitlab | 9.6 | CRITICAL
July 9
Improper Restriction of Rendered UI Layers or Frames in GitLab
CVE-2024-2177
Gitlab | Gitlab | 6.8 | MEDIUM
June 27
Attacker can trigger pipeline as another user
CVE-2024-5655
Gitlab | Gitlab | 9.6 | CRITICAL
Private Job Artifacts Accessible to Any User
CVE-2024-3959
Gitlab | Gitlab | 6.5 | MEDIUM
Non-Project Members Can Promote Key Results to Objectives Vulnerability
CVE-2024-4011
Gitlab | Gitlab | 4.3 | MEDIUM
Attacker Can Leak Private Repository Content in Public Project via Improper Authorization
CVE-2024-6323
Gitlab | Gitlab | 7.5 | HIGH
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-1816
Gitlab | Gitlab | 5.3 | MEDIUM
GitLab EE Vulnerability Allows Access to Issues and Epics Without SSO Session
CVE-2024-3115
Gitlab | Gitlab | 4.3 | MEDIUM
Publicly Visible Merge Request Titles in GitLab
CVE-2024-2191
Gitlab | Gitlab | 5.3 | MEDIUM
Stored XSS vulnerability in GitLab CE/EE could allow for malicious commit notes to be imported
CVE-2024-4901
Gitlab | Gitlab | 8.7 | HIGH
GitLab Under Attack: Multiple DoS Vulnerabilities Discovered
CVE-2024-4557
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab CE/EE Vulnerability: Project Maintainer Can Delete Merge Request Approval Policy via GraphQL
CVE-2024-5430
Gitlab | Gitlab | 6.8 | MEDIUM
GitLab CE/EE Vulnerability Could Lead to Regular Expression DoS Attack
CVE-2024-1493
Gitlab | Gitlab | 6.5 | MEDIUM
June 14
KAS under attack: DoS vulnerability affects all versions
CVE-2024-5469
Gitlab | Gitlab | 4.3 | MEDIUM
June 12
GitLab Cross-Site Scripting Vulnerability Affects Multiple Versions
CVE-2024-4201
Gitlab | Gitlab | 4.4 | MEDIUM
GitLab CI/CD Pipeline Editor Vulnerability Could Lead to Denial of Service Attacks
CVE-2024-1736
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab Asana Integration Vulnerability Could Lead to Denial of Service
CVE-2024-1963
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-1495
Gitlab | Gitlab | 6.5 | MEDIUM
May 24
Private Project Dependency Lists Exposed Through Job Artifacts
CVE-2024-5318
Gitlab | Gitlab | 5.3 | MEDIUM
May 23
GitLab Denial of Service Vulnerability Affects Multiple Versions
CVE-2023-6502
Gitlab | Gitlab | 6.5 | MEDIUM
GitLab CSRF Vulnerability Affects Kubernetes Agent Server
CVE-2023-7045
Gitlab | Gitlab | 6.1 | MEDIUM
GitLab CE/EE Under Attack: Denial of Service Vulnerability Discovered
CVE-2024-1947
Gitlab | Gitlab | 6.5 | MEDIUM