Vulnerabilities > Gitlab > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-8635 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-918
6.5
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3
2024-08-22 CVE-2024-6502 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
network
low complexity
gitlab
6.5
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-3114 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-3958 Code Injection vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.
network
low complexity
gitlab CWE-94
6.5
2024-08-08 CVE-2024-4207 Cross-site Scripting vulnerability in Gitlab
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2.
network
low complexity
gitlab CWE-79
5.4
2024-08-08 CVE-2024-5423 Unspecified vulnerability in Gitlab
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
network
low complexity
gitlab
6.5
2024-08-08 CVE-2024-7554 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2.
network
low complexity
gitlab
6.5