Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-6678 Authentication Bypass by Spoofing vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
network
low complexity
gitlab CWE-290
8.8
2024-09-12 CVE-2024-8641 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab
8.8
2024-09-12 CVE-2024-4660 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2.
network
low complexity
gitlab
7.5
2024-09-12 CVE-2024-8124 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request.
network
low complexity
gitlab
7.5
2024-09-12 CVE-2024-8631 Unspecified vulnerability in Gitlab
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab
7.2
2024-09-12 CVE-2024-8640 Command Injection vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-77
8.8
2024-09-12 CVE-2024-8754 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2.
network
low complexity
gitlab
8.1
2024-08-08 CVE-2024-2800 Unspecified vulnerability in Gitlab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
network
low complexity
gitlab
7.5
2024-08-08 CVE-2024-3035 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
network
low complexity
gitlab CWE-639
8.1
2024-08-08 CVE-2024-6329 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
network
low complexity
gitlab CWE-116
7.5