U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:7.10.0:rc1:*:*:community:*:*:*
  • CPE Name Search: true
There are 206 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-5226

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.

Published: December 01, 2023; 2:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-3246

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

Published: November 06, 2023; 8:15:09 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3917

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1279

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.

Published: September 01, 2023; 7:15:40 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-3401

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.

Published: August 02, 2023; 5:15:14 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-2022

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

Published: August 02, 2023; 5:15:13 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2013

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Published: June 07, 2023; 1:15:10 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2001

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.

Published: June 07, 2023; 1:15:09 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2181

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.

Published: May 12, 2023; 5:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-0756

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.

Published: May 03, 2023; 6:15:16 PM -0400
V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2023-1836

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances

Published: May 03, 2023; 5:15:17 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-0155

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown

Published: May 03, 2023; 5:15:16 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2019-14944

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Published: April 15, 2023; 8:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2019-14942

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.

Published: April 15, 2023; 8:15:07 PM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2018-17537

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .

Published: April 15, 2023; 8:15:07 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2018-17536

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.

Published: April 15, 2023; 7:15:13 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.

Published: April 15, 2023; 7:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2018-17454

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.

Published: April 15, 2023; 7:15:13 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2018-17453

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

Published: April 15, 2023; 7:15:13 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2018-17452

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.

Published: April 15, 2023; 7:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)