Total
1199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3413 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | |||||
| CVE-2023-4011 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. | |||||
| CVE-2023-0632 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | |||||
| CVE-2023-3443 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. | |||||
| CVE-2023-5612 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | |||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | |||||
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 6.5 MEDIUM |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
| CVE-2023-3102 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR. | |||||
| CVE-2023-4532 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | |||||
| CVE-2023-3904 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. | |||||
| CVE-2023-6477 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 6.7 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation. | |||||
| CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | |||||
| CVE-2023-3994 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. | |||||
| CVE-2023-4812 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. | |||||
| CVE-2023-3484 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations. | |||||
| CVE-2023-3993 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | |||||
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects | |||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | |||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | |||||
| CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | |||||