Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2024-4210 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-4784 Improper Authentication vulnerability in Gitlab
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
network
low complexity
gitlab CWE-287
5.4
2024-08-08 CVE-2024-6329 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
network
low complexity
gitlab CWE-116
7.5
2024-07-25 CVE-2024-7047 Cross-site Scripting vulnerability in Gitlab
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.
network
low complexity
gitlab CWE-79
5.4
2024-07-25 CVE-2024-7057 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.
network
low complexity
gitlab
4.3
2024-07-24 CVE-2024-0231 Injection vulnerability in Gitlab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
network
low complexity
gitlab CWE-74
2.7
2024-07-24 CVE-2024-5067 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
network
low complexity
gitlab
4.9
2024-07-24 CVE-2024-7060 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
network
low complexity
gitlab
6.5
2024-07-24 CVE-2024-7091 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
network
low complexity
gitlab
5.0
2024-07-17 CVE-2024-6595 Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
network
low complexity
gitlab CWE-434
5.3