gitlab

1,423 tracked vulnerabilities.

CVE-2023-4895 MEDIUM
GitLab 12.0-16.7.6 16.8-16.8.2 16.9-16.9.0 - Missing Authorization for Environment Details
Feb 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-6477 MEDIUM
GitLab EE <16.7.6-16.8.3-16.9.1 - Privilege Escalation
Feb 22, 2024
CVSS 6.7
EPSS 0.01
CVE-2023-3509 LOW
GitLab <16.7.6, <16.8.3, <16.9.1 - Info Disclosure
Feb 21, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-6564 MEDIUM
GitLab EE Premium/Ultimate <16.4.3-16.6.1 - Privilege Escalation
Feb 08, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6840 MEDIUM
GitLab 16.4-16.6.6, 16.7-16.7.4, 16.8-16.8.1 - Authenticated Protected Branch Rename Bypass
Feb 07, 2024
CVSS 6.7
EPSS 0.01
CVE-2023-6736 MEDIUM
GitLab 11.3-16.7.5, 16.8-16.8.2, 16.9-16.9.0 - Denial of Service via Malicious CODEOWNERS File
Feb 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-6159 MEDIUM
GitLab 12.7-16.6.5, 16.7-16.7.3, 16.8 - Regular Expression Denial of Service via Malicious Cargo.toml Input
Jan 26, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-5612 MEDIUM
GitLab < 16.6.6, 16.7 < 16.7.4, 16.8 < 16.8.1 - Unauthorized User Email Exposure via Tags Feed
Jan 26, 2024
CVSS 5.3
EPSS 0.04
CVE-2023-5933 MEDIUM
GitLab 13.7-16.6.5, 16.7-16.7.3, 16.8 - Cross-Site Scripting via User Name Input
Jan 26, 2024
CVSS 6.4
EPSS 0.01
CVE-2023-7028 CRITICAL KEVNUCLEI
GitLab Password Reset Account Takeover
Jan 12, 2024
CVSS 10.0
EPSS 0.95
CVE-2023-6955 MEDIUM
GitLab < 16.5.6, 16.6 < 16.6.4, 16.7 < 16.7.2 - Missing Authorization in Remote Development Workspace Creation
Jan 12, 2024
CVSS 6.6
EPSS 0.01
CVE-2023-5356 HIGH
GitLab 8.13-16.5.5, 16.6-16.6.3, 16.7-16.7.1 - Incorrect Authorization via Slack/Mattermost Integration
Jan 12, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-4812 HIGH
GitLab EE <16.5.6-16.7.2 - Auth Bypass
Jan 12, 2024
CVSS 7.6
EPSS 0.01
CVE-2023-2030 LOW
GitLab 12.2-16.5.5, 16.6-16.6.3, 16.7-16.7.1 - Improper Verification of Cryptographic Signature
Jan 12, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-3907 MEDIUM
GitLab 16.0-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - Privilege Escalation via Project Access Token
Dec 17, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-6680 HIGH
GitLab 11.6-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - Improper Certificate Validation in Smartcard Authentication
Dec 15, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-6051 MEDIUM
GitLab CE/EE <16.4.4, <16.5.4, <16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-5512 MEDIUM
GitLab 16.3-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - File Integrity Compromise via HTML-Encoded Filenames
Dec 15, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-5061 MEDIUM
GitLab <16.4.4-16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3904 MEDIUM
GitLab EE <16.4.4-16.5.4-16.6.2 - Buffer Overflow
Dec 15, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-3511 LOW
GitLab EE <16.4.4-16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 2.0
EPSS 0.00
CVE-2023-5332 MEDIUM
GitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Dec 04, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-6033 HIGH
GitLab 15.10-16.4.2, 16.5-16.5.2, 16.6 - Stored Cross-Site Scripting in Jira Integration Configuration
Dec 01, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-5995 MEDIUM
GitLab 16.2.0-16.4.2, 16.5.0-16.5.2, 16.6.0 - Incorrect Authorization via Policy Bot Abuse
Dec 01, 2023
CVSS 4.4
EPSS 0.01
CVE-2023-5226 MEDIUM
GitLab < 16.4.3, 16.5-16.5.2, 16.6-16.6.0 - Branch Name Validation Bypass
Dec 01, 2023
CVSS 4.8
EPSS 0.01