Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-27 | CVE-2024-4901 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes. | 5.4 |
| 2024-06-27 | CVE-2024-5430 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL. | 4.9 |
| 2024-06-14 | CVE-2024-5469 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gitlab DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | 4.3 |
| 2024-06-12 | CVE-2024-1495 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
| 2024-06-12 | CVE-2024-1736 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
| 2024-06-12 | CVE-2024-1963 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
| 2024-06-12 | CVE-2024-4201 | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. | 4.4 |
| 2024-05-24 | CVE-2024-5318 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. | 5.3 |
| 2024-05-23 | CVE-2023-6502 | Unspecified vulnerability in Gitlab A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. | 6.5 |
| 2024-05-23 | CVE-2023-7045 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. | 6.1 |