Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-0231 Injection vulnerability in Gitlab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
network
low complexity
gitlab CWE-74
2.7
2024-07-24 CVE-2024-5067 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
network
low complexity
gitlab
4.9
2024-07-24 CVE-2024-7060 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
network
low complexity
gitlab
6.5
2024-07-24 CVE-2024-7091 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
network
low complexity
gitlab
5.0
2024-07-17 CVE-2024-6595 Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
network
low complexity
gitlab CWE-434
5.3
2024-07-11 CVE-2024-2880 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-5257 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-5470 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-6385 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
network
low complexity
gitlab
critical
9.8
2024-07-09 CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames vulnerability in Gitlab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1.
network
high complexity
gitlab CWE-1021
6.8