U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:16.9.3:*:*:*:community:*:*:*
  • CPE Name Search: true
There are 77 matching records.
Displaying matches 61 through 77.
Vuln ID Summary CVSS Severity
CVE-2023-7045

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

Published: May 23, 2024; 7:15:23 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-6502

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

Published: May 23, 2024; 7:15:22 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-4835

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Published: May 23, 2024; 3:15:09 AM -0400
V4.0:(not available)
V3.1: 8.2 HIGH
V2.0:(not available)
CVE-2024-2874

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

Published: May 23, 2024; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-4597

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

Published: May 14, 2024; 11:44:10 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-4539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.

Published: May 14, 2024; 11:44:01 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-2651

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.

Published: May 14, 2024; 11:20:14 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-2454

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.

Published: May 14, 2024; 11:19:23 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-6682

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server.

Published: May 14, 2024; 10:35:29 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-4024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.

Published: April 25, 2024; 10:15:09 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

Published: April 25, 2024; 10:15:09 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-2829

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.

Published: April 25, 2024; 7:15:46 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-2434

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

Published: April 25, 2024; 7:15:45 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-1347

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

Published: April 25, 2024; 7:15:45 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.

Published: April 11, 2024; 9:15:57 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-2279

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Published: April 11, 2024; 9:15:57 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-6489

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

Published: April 11, 2024; 9:15:57 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)