Vulnerabilities > Gitlab > Gitlab > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-0402 Path Traversal vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
network
low complexity
gitlab CWE-22
critical
9.9
2023-09-19 CVE-2023-5009 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4.
network
low complexity
gitlab
critical
9.8
2023-08-03 CVE-2023-4008 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2.
network
low complexity
gitlab
critical
9.8
2023-04-15 CVE-2018-17452 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1.
network
low complexity
gitlab CWE-918
critical
9.8
2022-11-10 CVE-2022-3726 Unspecified vulnerability in Gitlab
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.
network
low complexity
gitlab
critical
9.0
2022-10-28 CVE-2022-2826 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1.
network
low complexity
gitlab
critical
9.8
2022-10-17 CVE-2022-2992 Injection vulnerability in Gitlab
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
network
low complexity
gitlab CWE-74
critical
9.9
2022-10-17 CVE-2022-2884 OS Command Injection vulnerability in Gitlab
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
network
low complexity
gitlab CWE-78
critical
9.9
2022-03-28 CVE-2022-0735 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2.
network
low complexity
gitlab
critical
9.8
2020-10-07 CVE-2020-13347 Command Injection vulnerability in Gitlab
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1.
network
low complexity
gitlab CWE-77
critical
9.0