U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:15.5.5:*:*:*:enterprise:*:*:*
  • CPE Name Search: true
There are 134 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2023-4912

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.

Published: December 01, 2023; 2:15:11 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-4658

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.

Published: December 01, 2023; 2:15:10 AM -0500
V3.1: 3.1 LOW
V2.0:(not available)
CVE-2023-4317

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.

Published: December 01, 2023; 2:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3964

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.

Published: December 01, 2023; 2:15:09 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3949

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.

Published: December 01, 2023; 2:15:08 AM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-3443

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.

Published: December 01, 2023; 2:15:07 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-4379

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.

Published: November 09, 2023; 4:15:24 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-4700

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

Published: November 06, 2023; 1:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-5963

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

Published: November 06, 2023; 8:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

Published: November 06, 2023; 8:15:09 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-3246

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

Published: November 06, 2023; 8:15:09 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-5106

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

Published: October 02, 2023; 8:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-5198

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

Published: September 29, 2023; 4:15:09 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3922

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.

Published: September 29, 2023; 4:15:09 AM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-3979

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3920

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-3917

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-3914

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-3906

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 3.5 LOW
V2.0:(not available)
CVE-2023-3115

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.

Published: September 29, 2023; 3:15:13 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)