Vulnerabilities > Gitlab > Low

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-4278 Improper Synchronization vulnerability in Gitlab
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1.
network
low complexity
gitlab CWE-662
2.7
2024-09-12 CVE-2024-6446 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2.
network
low complexity
gitlab
3.5
2024-07-24 CVE-2024-0231 Injection vulnerability in Gitlab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
network
low complexity
gitlab CWE-74
2.7
2024-07-11 CVE-2024-5470 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-5257 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-2880 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.
network
low complexity
gitlab
2.7
2023-12-15 CVE-2023-3511 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.
network
low complexity
gitlab
3.5
2023-12-01 CVE-2023-4658 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1.
network
high complexity
gitlab
3.1
2023-09-29 CVE-2023-3906 Unspecified vulnerability in Gitlab
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
network
low complexity
gitlab
3.5
2023-09-01 CVE-2023-3950 Cleartext Storage of Sensitive Information vulnerability in Gitlab
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured.
network
low complexity
gitlab CWE-312
3.8