Количество 5 332
Количество 5 332
GHSA-m99q-r6r6-wxx3
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
GHSA-m96m-mfqc-86mf
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.
GHSA-m8q6-f6pj-j3mh
An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.
GHSA-m8p6-xp2q-8w7h
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.
GHSA-m8j6-rg22-ww2f
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
GHSA-m8gr-q643-3q88
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.
GHSA-m874-44cm-939v
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
GHSA-m7f3-552r-pf23
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
GHSA-m77g-m5w2-j2f3
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
GHSA-m766-xfqm-qm37
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
GHSA-m6pw-2x85-c738
In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.
GHSA-m6m2-gm49-gp5r
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
GHSA-m5gx-r8rq-3635
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
GHSA-m4hq-98c3-4xmx
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
GHSA-m48m-pq7g-rfh9
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
GHSA-m393-h7jj-5g9w
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
GHSA-m37q-w59j-4vr4
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
GHSA-m2g4-fcc3-wp4v
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
GHSA-m25p-vj7m-w42v
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
GHSA-m24j-g9jw-ggjj
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-m99q-r6r6-wxx3 An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| GHSA-m96m-mfqc-86mf An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. | CVSS3: 6.3 | 0% Низкий | больше 2 лет назад |
| GHSA-m8q6-f6pj-j3mh An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
| GHSA-m8p6-xp2q-8w7h A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. | 0% Низкий | больше 3 лет назад | |
| GHSA-m8j6-rg22-ww2f An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | CVSS3: 2.7 | 0% Низкий | больше 3 лет назад |
| GHSA-m8gr-q643-3q88 An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
| GHSA-m874-44cm-939v GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | 0% Низкий | больше 3 лет назад | |
| GHSA-m7f3-552r-pf23 A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | CVSS3: 8.8 | 94% Критический | больше 3 лет назад |
| GHSA-m77g-m5w2-j2f3 GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. | 0% Низкий | больше 3 лет назад | |
| GHSA-m766-xfqm-qm37 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. | CVSS3: 6.8 | 0% Низкий | около 2 месяцев назад |
| GHSA-m6pw-2x85-c738 In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. | 0% Низкий | больше 3 лет назад | |
| GHSA-m6m2-gm49-gp5r GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. | 0% Низкий | больше 3 лет назад | |
| GHSA-m5gx-r8rq-3635 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | 0% Низкий | больше 3 лет назад | |
| GHSA-m4hq-98c3-4xmx A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | CVSS3: 8.2 | 0% Низкий | больше 2 лет назад |
| GHSA-m48m-pq7g-rfh9 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | 0% Низкий | больше 3 лет назад | |
| GHSA-m393-h7jj-5g9w GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-m37q-w59j-4vr4 An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | CVSS3: 5.3 | 93% Критический | почти 4 года назад |
| GHSA-m2g4-fcc3-wp4v An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-m25p-vj7m-w42v An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | 0% Низкий | больше 3 лет назад | |
| GHSA-m24j-g9jw-ggjj GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу