Writeup Exploits

60,661 exploits tracked across all sources.

CVE-2019-6782 WRITEUP HIGH
GitLab 11.3.0-11.5.7, 11.6.0-11.6.5, 11.7.0 - Information Disclosure via Private Profile Contribution Data
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.
CVSS 7.5
CVE-2019-6781 WRITEUP HIGH
GitLab 11.5.0-11.5.7, 11.6.0-11.6.5, 11.7.0 - Open Redirect via Profile Name in Notification Emails
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
CVSS 7.5
CVE-2019-5469 WRITEUP MEDIUM
GitLab < 11.11.6, < 12.0.4, < 12.1.2 - Authorization Bypass via Project Archive File Upload
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
CVSS 6.5
CVE-2019-5468 WRITEUP HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Privilege Escalation via Mattermost Slash Commands
A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.
CVSS 8.8
CVE-2019-5467 WRITEUP MEDIUM
GitLab 11.11.2-11.11.6 - Stored Cross-Site Scripting in Wiki Pages
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS 5.4
CVE-2019-5466 WRITEUP MEDIUM
GitLab 11.5.0-11.11.7 - Authorization Bypass via Merge Request Endpoint
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
CVSS 4.3
CVE-2019-5465 WRITEUP MEDIUM
GitLab 8.14.0-11.11.7 - Exposure of Sensitive Information via Move Issue Feature
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
CVSS 4.3
CVE-2019-5464 WRITEUP CRITICAL
GitLab 10.2.0-11.11.7 - Server-Side Request Forgery via DNS Rebinding Protection Bypass
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS 9.8
CVE-2019-5463 WRITEUP MEDIUM
GitLab 11.11.0-11.11.6 - Missing Authorization in CI Badge Images Endpoint
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS 5.3
CVE-2019-5462 WRITEUP HIGH
GitLab 9.0.0-11.11.7 - Insufficient Session Expiration via Trigger Token Rotation
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVSS 8.8
CVE-2019-15740 WRITEUP MEDIUM
GitLab 7.9.0-12.2.1 - Exposure of Sensitive Information via EXIF Geolocation Data
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVSS 5.3
CVE-2019-15739 WRITEUP MEDIUM
GitLab 8.1-12.2.1 - Stored Cross-Site Scripting in Markdown Renderer
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVSS 6.1
CVE-2019-15738 WRITEUP MEDIUM
GitLab 12.0-12.2.1 - Unauthorized Exposure of Merge Request IDs via Email
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
CVSS 5.3
CVE-2019-15737 WRITEUP MEDIUM
GitLab < 12.2.1 - Authentication and Session Management Issue
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVSS 6.5
CVE-2019-15736 WRITEUP HIGH
GitLab < 12.2.1 - Denial of Service via CI Pipeline Resource Exhaustion
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
CVSS 7.5
CVE-2019-15734 WRITEUP MEDIUM
GitLab 8.6.0-12.2.1 - Unauthorized Exposure of Sensitive Commit and Comment Data
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
CVSS 4.3
CVE-2019-15733 WRITEUP MEDIUM
GitLab 7.12-12.2.1 - Unauthorized Exposure of Default Branch Name
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
CVSS 4.3
CVE-2019-15732 WRITEUP MEDIUM
GitLab CE/EE <12.2.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
CVSS 5.3
CVE-2019-15731 WRITEUP MEDIUM
GitLab 12.0-12.2.1 - Unauthenticated Merge Request Comment Access
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.
CVSS 5.3
CVE-2019-15730 WRITEUP HIGH
GitLab 8.14.0-12.2.1 - Server-Side Request Forgery via Jira Integration
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
CVSS 7.5
CVE-2019-15729 WRITEUP HIGH
GitLab 8.18-12.2.1 - Information Disclosure via Merge Request Pipeline Endpoint
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVSS 7.5
CVE-2019-15728 WRITEUP HIGH
GitLab 10.1-12.2.1 - Server-Side Request Forgery via Kubernetes Integration
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
CVSS 7.5
CVE-2019-15726 WRITEUP MEDIUM
GitLab < 12.2.1 - Information Disclosure via Markdown Embedded Media
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
CVSS 5.3
CVE-2019-15724 WRITEUP MEDIUM
GitLab 11.10.0-12.2.1 - Cross-Site Scripting in Label Descriptions
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
CVSS 6.1
CVE-2019-15722 WRITEUP HIGH
GitLab 8.15.0-12.2.1 - Denial of Service via Markdown Mathematical Expression Parsing
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
CVSS 7.5