Vulnerabilities > Gitlab > Gitlab > 10.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-8114 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. | 8.8 |
| 2024-10-10 | CVE-2024-9623 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | 6.5 |
| 2024-10-01 | CVE-2023-3441 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. | 9.1 |
| 2024-09-12 | CVE-2024-6678 | Authentication Bypass by Spoofing vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | 8.8 |
| 2024-09-10 | CVE-2024-45409 | The Ruby SAML library is for implementing the client side of a SAML authorization. | 9.8 |
| 2024-08-22 | CVE-2024-6502 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. | 6.5 |
| 2024-08-22 | CVE-2024-8041 | Unspecified vulnerability in Gitlab A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. | 6.5 |
| 2024-08-08 | CVE-2024-3035 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | 8.1 |
| 2024-08-08 | CVE-2024-3958 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. | 6.5 |
| 2024-08-08 | CVE-2024-4207 | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. | 5.4 |