Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-2800 Unspecified vulnerability in Gitlab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
network
low complexity
gitlab
7.5
2024-08-08 CVE-2024-3035 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
network
low complexity
gitlab CWE-639
8.1
2024-08-08 CVE-2024-3114 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-3958 Code Injection vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.
network
low complexity
gitlab CWE-94
6.5
2024-08-08 CVE-2024-4207 Cross-site Scripting vulnerability in Gitlab
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2.
network
low complexity
gitlab CWE-79
5.4
2024-08-08 CVE-2024-5423 Unspecified vulnerability in Gitlab
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-7554 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-7610 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.
network
low complexity
gitlab
6.5