Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2024-8650 MEDIUM

GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-8116 MEDIUM

GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-9387 MEDIUM

GitLab 11.8-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Open Redirect via Releases API Endpoint

CVE-2024-9367 MEDIUM

GitLab 13.9-17.4.5 17.5-17.5.3 17.6-17.6.1 - Denial of Service via Changelog Template Parsing

CVE-2024-8647 MEDIUM

GitLab 15.2-17.4.6, 17.5 < 17.5.4, 17.6 < 17.6.2 - Anti-CSRF Token Leak via Harbor Integration

CVE-2024-8233 HIGH

GitLab 9.4.0-17.4.5, 17.5.0-17.5.3, 17.6.0-17.6.1 - Denial of Service via Diff File Requests

CVE-2024-8179 MEDIUM

GitLab 17.3-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Cross-Site Scripting when CSP Disabled

CVE-2024-12570 MEDIUM

GitLab CE/EE <17.4.6-17.5.4-17.6.2 - Info Disclosure

CVE-2024-12292 MEDIUM

GitLab 11.0-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Sensitive Information Disclosure in GraphQL Logs

CVE-2024-11274 HIGH

GitLab 16.1-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Session Data Exfiltration via NEL Header Injection in k8s Proxy Response

CVE-2024-10043 LOW

GitLab EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-10240 MEDIUM

GitLab EE <17.3.7-17.5.2 - Info Disclosure

CVE-2024-8237 MEDIUM

GitLab CE/EE <12.6-17.4.5, <17.5-17.5.3, <17.6-17.6.1 - DoS

CVE-2024-8177 MEDIUM

GitLab CE/EE <17.4.5/<17.5.3/<17.6.1 - DoS

CVE-2024-8114 HIGH

GitLab CE/EE <17.4.5-17.6.1 - Privilege Escalation

CVE-2024-11828 MEDIUM

GitLab 13.2.4-17.4.4, 17.5-17.5.2, 17.6-17.6.0 - Denial of Service via Crafted API Calls

CVE-2024-11669 MEDIUM

GitLab CE/EE <17.4.5-17.6.1 - Info Disclosure

CVE-2024-11668 MEDIUM

GitLab CE/EE <17.4.5-17.6.1 - Auth Bypass

CVE-2024-9633 LOW

GitLab CE/EE <17.4.2-17.5.4-17.6.2 - Info Disclosure

CVE-2024-8648 MEDIUM

GitLab 16.0.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Stored Cross-Site Scripting via Analytics Dashboard URL

CVE-2024-7404 MEDIUM

GitLab CE/EE <17.3.7-17.5.2 - Privilege Escalation

CVE-2024-9693 HIGH

GitLab 16.0-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Incorrect Authorization for Kubernetes Agent Access

CVE-2024-8180 MEDIUM

GitLab 17.3.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Cross-Site Scripting via Vulnerability Code Flow

CVE-2024-8312 HIGH

GitLab 15.10-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Cross-Site Scripting via Global Search Field on Diff View

CVE-2024-6826 MEDIUM

GitLab 11.2-17.3.5 17.4.0-17.4.2 17.5.0 - Denial of Service via Malicious XML Manifest Import

Previous Page 12 of 56 Next

Products

gitlab 1,368 GitLab 108 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy