Gitlab Exploits

432 exploits tracked across all sources.

Sort: Newest Stars
CVE-2024-21413 GITLAB CRITICAL
Microsoft 365 Apps - Improper Input Validation
Microsoft Outlook Remote Code Execution Vulnerability
by ThemeHackers
CVSS 9.8
CVE-2024-10914 GITLAB HIGH
Dlink Dns-320 Firmware - Command Injection
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
by ThemeHackers
CVSS 8.1
CVE-2024-3094 GITLAB CRITICAL
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
by ThemeHackers
CVSS 10.0
CVE-2024-6387 GITLAB HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by ThemeHackers
CVSS 8.1
CVE-2024-0044 GITLAB MEDIUM
PackageInstallerService - Privilege Escalation
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by user.gameover.user
CVSS 6.7
CVE-2024-1485 GITLAB HIGH
Devfile Registry-support < 0.0.0-20240206 - Path Traversal
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
by christianking
CVSS 8.0
CVE-2024-49113 GITLAB HIGH
Microsoft Windows 10 1507 < 10.0.10240.20857 - Out-of-Bounds Read
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
by ksmith51
CVSS 7.5
CVE-2024-31982 GITLAB CRITICAL
XWiki Platform <4.10.20,15.5.4,15.10-rc-1 - RCE
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
by LibreCoder951
CVSS 10.0
CVE-2024-6387 GITLAB HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by OhDamnn
CVSS 8.1
CVE-2024-27198 GITLAB CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by wnds0r
CVSS 9.8
CVE-2024-21887 GITLAB CRITICAL
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
by mdelaclaire
CVSS 9.1
CVE-2024-4040 GITLAB CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by mdelaclaire
CVSS 9.8
CVE-2024-0582 GITLAB HIGH
Linux Kernel - Memory Corruption
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
by robbert1978
CVSS 7.8
CVE-2024-50050 GITLAB MEDIUM
Llama Stack <7a8aa775e5a267cf8660d83140011a0b7f91e005 - RCE
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
by sastraadiwiguna-purpleeliteteaming
CVSS 6.3
CVE-2024-9387 GITLAB MEDIUM
Gitlab < 17.4.6 - Open Redirect
An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.
by hackerone_a0xnirudh
CVSS 6.4
CVE-2024-6323 GITLAB HIGH
GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
by hackerone3183208
CVSS 7.5
CVE-2023-23415 GITLAB CRITICAL
Microsoft Windows 10 1507 < 10.0.10240.19805 - Heap Buffer Overflow
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
by spdtnl
CVSS 9.8
CVE-2023-33443 GITLAB CRITICAL
BES-6024PB-I50H1 VideoPlayTool <2.0.1.0 - Command Injection
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints.
by FallFur
1 stars
CVSS 9.8
CVE-2023-3519 GITLAB CRITICAL
Unspecified Product <Version> - RCE
Unauthenticated remote code execution
by Chernenkov
CVSS 9.8
CVE-2023-0179 GITLAB HIGH
Linux Kernel - Buffer Overflow
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
by Zibri
CVSS 7.8
CVE-2023-34960 GITLAB CRITICAL
Chamilo unauthenticated command injection in PowerPoint upload
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
by aituglo
CVSS 9.8
CVE-2023-20186 GITLAB HIGH
Cisco IOS - Auth Bypass
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.
by hendrikvb
CVSS 8.0
CVE-2023-20198 GITLAB CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by tdubiel1
CVSS 10.0
CVE-2023-20198 GITLAB CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by emomeni
CVSS 10.0
CVE-2023-38545 GITLAB CRITICAL
curl - Buffer Overflow
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
by khadijaoussakel
CVSS 9.8
By Source
All 432 Exploitdb 50,196 Writeup 43,086 Nomisec 19,741 Metasploit 3,028 Github 2,090 Vulncheck_xdb 887 Inthewild 518 Gitlab 432 Gitee 415 Patchapalooza 312
By Language
text 31,307 python 5,762 ruby 5,759 c 3,536 perl 2,854 html 2,051 php 1,332 bash 459 java 359 javascript 255 c++ 242 shell 54 go 38 postscript 25 xml 24