Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-8640 Command Injection vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-77
8.8
2024-09-12 CVE-2024-8754 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2.
network
low complexity
gitlab
8.1
2024-09-10 CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization.
network
low complexity
onelogin omniauth gitlab
critical
9.8
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3
2024-08-22 CVE-2024-6502 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
network
low complexity
gitlab
6.5
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-2800 Unspecified vulnerability in Gitlab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
network
low complexity
gitlab
7.5
2024-08-08 CVE-2024-3035 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
network
low complexity
gitlab CWE-639
8.1
2024-08-08 CVE-2024-3114 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
network
low complexity
gitlab
6.5