gitlab

1,383 tracked vulnerabilities.

CVE-2023-6195 LOW
GitLab CE/EE <16.9.7, <16.10.5, <16.11.2 - SSRF
Jan 31, 2025
CVSS 2.6
EPSS 0.00
CVE-2023-5117 LOW
GitLab < 17.6.0 - Unauthenticated Exposure of Sensitive Files via Direct URL Access
Dec 25, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-3441 MEDIUM
GitLab EE/CE <16.4 - Info Disclosure
Oct 01, 2024
CVSS 6.6
EPSS 0.00
CVE-2023-7045 MEDIUM
GitLab 13.11-16.10.5 16.11-16.11.2 17.0 - Cross-Site Request Forgery via Kubernetes Agent Server
May 23, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-6502 MEDIUM
GitLab CE/EE <16.10.6, <16.11.3, <17.0.1 - DoS
May 23, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-6688 MEDIUM
GitLab 16.11.0-16.11.1 - Denial of Service via Google Chat Messages Integration
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6682 MEDIUM
GitLab 16.9-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Discord Integration Chat Message Processing
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6678 MEDIUM
GitLab < 16.8.6, 16.9 < 16.9.4, 16.10 < 16.10.2 - Denial of Service via JUnit Test Report File
Apr 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-6489 MEDIUM
GitLab CE/EE <16.8.6, <16.9.4, <16.10.2 - DoS
Apr 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-6371 HIGH
GitLab CE/EE <16.8.5-16.9.3-16.10.1 - XSS
Mar 28, 2024
CVSS 8.7
EPSS 0.00
CVE-2023-4895 MEDIUM
GitLab 12.0-16.7.6 16.8-16.8.2 16.9-16.9.0 - Missing Authorization for Environment Details
Feb 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-6477 MEDIUM
GitLab EE <16.7.6-16.8.3-16.9.1 - Privilege Escalation
Feb 22, 2024
CVSS 6.7
EPSS 0.00
CVE-2023-3509 LOW
GitLab <16.7.6, <16.8.3, <16.9.1 - Info Disclosure
Feb 21, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-6564 MEDIUM
GitLab EE Premium/Ultimate <16.4.3-16.6.1 - Privilege Escalation
Feb 08, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6840 MEDIUM
GitLab 16.4-16.6.6, 16.7-16.7.4, 16.8-16.8.1 - Authenticated Protected Branch Rename Bypass
Feb 07, 2024
CVSS 6.7
EPSS 0.00
CVE-2023-6736 MEDIUM
GitLab 11.3-16.7.5, 16.8-16.8.2, 16.9-16.9.0 - Denial of Service via Malicious CODEOWNERS File
Feb 07, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6159 MEDIUM
GitLab 12.7-16.6.5, 16.7-16.7.3, 16.8 - Regular Expression Denial of Service via Malicious Cargo.toml Input
Jan 26, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-5612 MEDIUM
GitLab < 16.6.6, 16.7 < 16.7.4, 16.8 < 16.8.1 - Unauthorized User Email Exposure via Tags Feed
Jan 26, 2024
CVSS 5.3
EPSS 0.26
CVE-2023-5933 MEDIUM
GitLab 13.7-16.6.5, 16.7-16.7.3, 16.8 - Cross-Site Scripting via User Name Input
Jan 26, 2024
CVSS 6.4
EPSS 0.10
CVE-2023-7028 CRITICAL KEV NUCLEI
GitLab Password Reset Account Takeover
Jan 12, 2024
CVSS 10.0
EPSS 0.94
CVE-2023-6955 MEDIUM
GitLab < 16.5.6, 16.6 < 16.6.4, 16.7 < 16.7.2 - Missing Authorization in Remote Development Workspace Creation
Jan 12, 2024
CVSS 6.6
EPSS 0.00
CVE-2023-5356 HIGH
GitLab 8.13-16.5.5, 16.6-16.6.3, 16.7-16.7.1 - Incorrect Authorization via Slack/Mattermost Integration
Jan 12, 2024
CVSS 7.3
EPSS 0.00
CVE-2023-4812 HIGH
GitLab EE <16.5.6-16.7.2 - Auth Bypass
Jan 12, 2024
CVSS 7.6
EPSS 0.00
CVE-2023-2030 LOW
GitLab 12.2-16.5.5, 16.6-16.6.3, 16.7-16.7.1 - Improper Verification of Cryptographic Signature
Jan 12, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-3907 MEDIUM
GitLab 16.0-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - Privilege Escalation via Project Access Token
Dec 17, 2023
CVSS 4.9
EPSS 0.00