Vulnerabilities > Gitlab > Gitlab > 14.2

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-6678 Authentication Bypass by Spoofing vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
network
low complexity
gitlab CWE-290
8.8
8.8
2024-09-12 CVE-2024-8641 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab
8.8
8.8
2024-09-12 CVE-2024-2743 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
network
low complexity
gitlab CWE-863
critical
 9.1
9.1
2024-09-12 CVE-2024-4612 Open Redirect vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.
network
low complexity
gitlab CWE-601
6.1
6.1
2024-09-12 CVE-2024-4660 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2.
network
low complexity
gitlab
7.5
7.5
2024-09-10 CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization.
network
low complexity
onelogin omniauth gitlab
critical
 9.8
9.8
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3
4.3
2024-08-22 CVE-2024-6502 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
network
low complexity
gitlab
6.5
6.5
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
6.5
2024-08-08 CVE-2024-2800 Unspecified vulnerability in Gitlab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
network
low complexity
gitlab
7.5
7.5