Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-8124 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request.
network
low complexity
gitlab
7.5
7.5
2024-09-12 CVE-2024-8631 Unspecified vulnerability in Gitlab
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab
7.2
7.2
2024-09-12 CVE-2024-8635 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-918
6.5
6.5
2024-09-12 CVE-2024-8640 Command Injection vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-77
8.8
8.8
2024-09-12 CVE-2024-8754 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2.
network
low complexity
gitlab
8.1
8.1
2024-09-10 CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization.
network
low complexity
onelogin omniauth gitlab
critical
 9.8
9.8
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3
4.3
2024-08-22 CVE-2024-6502 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
network
low complexity
gitlab
6.5
6.5
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
6.4
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
6.5