Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-08 | CVE-2024-7554 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. | 6.5 |
| 2024-08-08 | CVE-2024-7610 | Unspecified vulnerability in Gitlab A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. | 6.5 |
| 2024-08-08 | CVE-2024-4210 | Unspecified vulnerability in Gitlab A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. | 6.5 |
| 2024-08-08 | CVE-2024-4784 | Improper Authentication vulnerability in Gitlab An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | 5.4 |
| 2024-07-25 | CVE-2024-7047 | Cross-site Scripting vulnerability in Gitlab A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user. | 5.4 |
| 2024-07-25 | CVE-2024-7057 | Unspecified vulnerability in Gitlab An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. | 4.3 |
| 2024-07-24 | CVE-2024-5067 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. | 4.9 |
| 2024-07-24 | CVE-2024-7060 | Unspecified vulnerability in Gitlab An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | 6.5 |
| 2024-07-24 | CVE-2024-7091 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. | 5.0 |
| 2024-07-17 | CVE-2024-6595 | Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | 5.3 |