VuXML ID | Description |
cdb5338d-04ec-11ee-9c88-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Stored-XSS with CSP-bypass in Merge requests
ReDoS via FrontMatterFilter in any Markdown fields
ReDoS via InlineDiffFilter in any Markdown fields
ReDoS via DollarMathPostFilter in Markdown fields
DoS via malicious test report artifacts
Restricted IP addresses can clone repositories of public projects
Reflected XSS in Report Abuse Functionality
Privilege escalation from maintainer to owner by importing members from a project
Bypassing tags protection in GitLab
Denial of Service using multiple labels with arbitrarily large descriptions
Ability to use an unverified email for public and commit emails
Open Redirection Through HTTP Response Splitting
Disclosure of issue notes to an unauthorized user when exporting a project
Ambiguous branch name exploitation
Discovery: 2023-06-05; Entry: 2023-06-07
Affected package: gitlab-ce
>= 16.0.0 and < 16.0.2
>= 15.11.0 and < 15.11.7
>= 15.10.0 and < 15.10.8
>= 1.2 and < 15.9.8
CVE-2023-2442
CVE-2023-2199
CVE-2023-2198
CVE-2023-2132
CVE-2023-0121
CVE-2023-2589
CVE-2023-2015
CVE-2023-2485
CVE-2023-2001
CVE-2023-0921
CVE-2023-1204
CVE-2023-0508
CVE-2023-1825
CVE-2023-2013
https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/
|
54006796-cf7b-11ed-a5d5-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Cross-site scripting in "Maximum page reached" page
Private project guests can read new changes using a fork
Mirror repository error reveals password in Settings UI
DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
Unauthenticated users can view Environment names from public projects limited to project members only
Copying information to the clipboard could lead to the execution of unexpected commands
Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
MR for security reports are available to everyone
API timeout when searching for group issues
Unauthorised user can add child epics linked to victim's epic in an unrelated group
GitLab search allows to leak internal notes
Ambiguous branch name exploitation in GitLab
Improper permissions checks for moving an issue
Private project branches names can be leaked through a fork
Discovery: 2023-03-30; Entry: 2023-03-31
Affected package: gitlab-ce
>= 15.10.0 and < 15.10.1
>= 15.9.0 and < 15.9.4
>= 8.1 and < 15.8.5
CVE-2022-3513
CVE-2023-0485
CVE-2023-1098
CVE-2023-1733
CVE-2023-0319
CVE-2023-1708
CVE-2023-0838
CVE-2023-0523
CVE-2023-0155
CVE-2023-1167
CVE-2023-1417
CVE-2023-1710
CVE-2023-0450
CVE-2023-1071
CVE-2022-3375
https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/
|
3cde510a-7135-11ed-a28b-bff032704f00 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
DAST API scanner exposes Authorization headers in vulnerabilities
Group IP allow-list not fully respected by the Package Registry
Deploy keys and tokens may bypass External Authorization service if it is enabled
Repository import still allows to import 40 hexadecimal branches
Webhook secret tokens leaked in webhook logs
Maintainer can leak webhook secret token by changing the webhook URL
Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP
Release names visible in public projects despite release set as project members only
Sidekiq background job DoS by uploading malicious NuGet packages
SSRF in Web Terminal advertise_address
Discovery: 2022-11-30; Entry: 2022-12-01
Affected package: gitlab-ce
>= 15.6.0 and < 15.6.1
>= 15.5.0 and < 15.5.5
>= 9.3.0 and < 15.4.6
CVE-2022-4206
CVE-2022-3820
CVE-2022-3740
CVE-2022-4205
CVE-2022-3902
CVE-2022-4054
CVE-2022-3572
CVE-2022-3482
CVE-2022-3478
CVE-2022-4201
https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
|
aaea7b7c-4887-11ee-b164-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Privilege escalation of "external user" to internal access through group service account
Maintainer can leak sentry token by changing the configured URL (fix bypass)
Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners
Information disclosure via project import endpoint
Developer can leak DAST scanners "Site Profile" request headers and auth password
Project forking outside current group
User is capable of creating Model experiment and updating existing run's status in public project
ReDoS in bulk import API
Pagination for Branches and Tags can be skipped leading to DoS
Internal Open Redirection Due to Improper handling of "../" characters
Subgroup Member With Reporter Role Can Edit Group Labels
Banned user can delete package registries
Discovery: 2023-08-31; Entry: 2023-09-01
Affected package: gitlab-ce
>= 16.3.0 and < 16.3.1
>= 16.2.0 and < 16.2.5
>= 4.1.0 and < 16.1.5
CVE-2023-3915
CVE-2023-4378
CVE-2023-3950
CVE-2023-4630
CVE-2022-4343
CVE-2023-4638
CVE-2023-4018
CVE-2023-3205
CVE-2023-4647
CVE-2023-1279
CVE-2023-0120
CVE-2023-1555
https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/
|
61fe903b-bc2e-11ee-b06e-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Arbitrary file write while creating workspace
ReDoS in Cargo.toml blob viewer
Arbitrary API PUT requests via HTML injection in user's name
Disclosure of the public email in Tags RSS Feed
Non-Member can update MR Assignees of owned MRs
Discovery: 2024-01-25; Entry: 2024-01-26
Affected package: gitlab-ce
>= 16.8.0 and < 16.8.1
>= 16.7.0 and < 16.7.4
>= 16.6.0 and < 16.6.6
>= 12.7.0 and < 16.5.8
CVE-2024-0402
CVE-2023-6159
CVE-2023-5933
CVE-2023-5612
CVE-2024-0456
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
|
e2fb85ce-9a3c-11ee-af26-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Smartcard authentication allows impersonation of arbitrary user using user's public certificate
When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge
The GitLab web interface does not ensure the integrity of information when downloading the source code from installation packages or tags
Project maintainer can escalate to Project owner using project access token rotate API
Omission of Double Encoding in File Names Facilitates the Creation of Repositories with Malicious Content
Unvalidated timeSpent value leads to unable to load issues on Issue board
Developer can bypass predefined variables via REST API
Auditor users can create merge requests on projects they don't have access to
Discovery: 2023-12-13; Entry: 2023-12-14
Affected package: gitlab-ce
>= 16.6.0 and < 16.6.2
>= 16.5.0 and < 16.5.4
>= 8.17.0 and < 16.4.4
CVE-2023-6680
CVE-2023-6564
CVE-2023-6051
CVE-2023-3907
CVE-2023-5512
CVE-2023-3904
CVE-2023-5061
CVE-2023-3511
https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/
|
3b14b2b4-9014-11ee-98b3-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
XSS and ReDoS in Markdown via Banzai pipeline of Jira
Members with admin_group_member custom permission can add members with higher role
Release Description visible in public projects despite release set as project members only through atom response
Manipulate the repository content in the UI (CVE-2023-3401 bypass)
External user can abuse policy bot to gain access to internal projects
Client-side DOS via Mermaid Flowchart
Developers can update pipeline schedules to use protected branches even if they don't have permission to merge
Users can install Composer packages from public projects even when Package registry is turned off
Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches
Guest users can react (emojis) on confidential work items which they can't see in a project
Discovery: 2023-11-30; Entry: 2023-12-01
Affected package: gitlab-ce
>= 16.6.0 and < 16.6.1
>= 16.5.0 and < 16.5.3
>= 8.13.0 and < 16.4.3
CVE-2023-6033
CVE-2023-6396
CVE-2023-3949
CVE-2023-5226
CVE-2023-5995
CVE-2023-4912
CVE-2023-4317
CVE-2023-3964
CVE-2023-4658
CVE-2023-3443
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
|
a612c25f-788a-11ee-8d57-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Disclosure of CI/CD variables using Custom project templates
GitLab omnibus DoS crash via OOM with CI Catalogs
Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service
DoS - Blocking FIFO files in Tar archives
Titles exposed by service-desk template
Approval on protected environments can be bypassed
Version information disclosure when super_sidebar_logged_out feature flag is enabled
Add abuse detection for search syntax filter pipes
Discovery: 2023-10-31; Entry: 2023-11-01
Affected package: gitlab-ce
>= 16.5.0 and < 16.5.1
>= 16.4.0 and < 16.4.2
>= 11.6.0 and < 16.3.6
CVE-2023-3399
CVE-2023-5825
CVE-2023-3909
CVE-2023-3246
CVE-2023-5600
CVE-2023-4700
CVE-2023-5831
https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/
|
6b2cba6a-c6a5-11ee-97d0-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Restrict group access token creation for custom roles
Project maintainers can bypass group's scan result policy block_branch_modification setting
ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax
Resource exhaustion using GraphQL vulnerabilitiesCountByDay
Discovery: 2024-02-07; Entry: 2024-02-08
Affected package: gitlab-ce
>= 16.8.0 and < 16.8.2
>= 16.7.0 and < 16.7.5
>= 13.3.0 and < 16.6.7
CVE-2024-1250
CVE-2023-6840
CVE-2023-6386
CVE-2024-1066
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/
|
fa239535-30f6-11ee-aef9-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
ReDoS via ProjectReferenceFilter in any Markdown fields
ReDoS via AutolinkFilter in any Markdown fields
Regex DoS in Harbor Registry search
Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality
Stored XSS in Web IDE Beta via crafted URL
securityPolicyProjectAssign mutation does not authorize security policy project ID
An attacker can run pipeline jobs as arbitrary user
Possible Pages Unique Domain Overwrite
Access tokens may have been logged when a query was made to an endpoint
Reflected XSS via PlantUML diagram
The main branch of a repository with a specially designed name may allow an attacker to create repositories with malicious code
Invalid 'start_sha' value on merge requests page may lead to Denial of Service
Developers can create pipeline schedules on protected branches even if they don't have access to merge
Potential DOS due to lack of pagination while loading license data
Leaking emails of newly created users
Discovery: 2023-08-01; Entry: 2023-08-02
Affected package: gitlab-ce
>= 16.2.0 and < 16.2.2
>= 16.1.0 and < 16.1.3
>= 9.3.0 and < 16.0.8
CVE-2023-3994
CVE-2023-3364
CVE-2023-0632
CVE-2023-3385
CVE-2023-2164
CVE-2023-4002
CVE-2023-4008
CVE-2023-3993
CVE-2023-3500
CVE-2023-3401
CVE-2023-3900
CVE-2023-2022
CVE-2023-4011
CVE-2023-1210
https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/
|
3a023570-91ab-11ed-8950-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Race condition on gitlab.com enables verified email forgery and third-party account hijacking
DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
Maintainer can leak sentry token by changing the configured URL
Maintainer can leak masked webhook secrets by changing target URL of the webhook
Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
Group access tokens continue to work after owner loses ability to revoke them
Users' avatar disclosure by user ID in private GitLab instances
Arbitrary Protocol Redirection in GitLab Pages
Regex DoS due to device-detector parsing user agents
Regex DoS in the Submodule Url Parser
Discovery: 2023-01-09; Entry: 2023-01-11
Affected package: gitlab-ce
>= 15.7.0 and < 15.7.2
>= 15.6.0 and < 15.6.4
>= 6.6.0 and < 15.5.7
CVE-2022-4037
CVE-2022-3613
CVE-2022-4365
CVE-2022-4342
CVE-2022-3573
CVE-2022-4167
CVE-2022-3870
CVE-2023-0042
CVE-2022-4131
CVE-2022-3514
https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/
|
4ffcccae-e924-11ed-9c88-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Privilege escalation for external users when OIDC is enabled under certain conditions
Account takeover through open redirect for Group SAML accounts
Users on banned IP addresses can still commit to projects
User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables
The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release.
Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban.
The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.
XSS and content injection and iframe injection when viewing raw files on iOS devices
Authenticated users can find other users by their private email
Discovery: 2023-05-02; Entry: 2023-05-02
Affected package: gitlab-ce
>= 15.11.0 and < 15.11.1
>= 15.10.0 and < 15.10.5
>= 9.0 and < 15.9.6
CVE-2023-2182
CVE-2023-1965
CVE-2023-1621
CVE-2023-2069
CVE-2023-1178
CVE-2023-0805
CVE-2023-0756
CVE-2023-1836
CVE-2022-4376
https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/
|
32a4896a-56da-11ee-9186-001b217b3468 | Gitlab -- vulnerability
Gitlab reports:
Attacker can abuse scan execution policies to run pipelines as another user
Discovery: 2023-09-18; Entry: 2023-09-19
Affected package: gitlab-ce
>= 16.3.0 and < 16.3.4
>= 13.12.0 and < 16.2.7
CVE-2023-4998
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
|
03bf5157-d145-11ee-acee-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Stored-XSS in user's profile page
User with "admin_group_members" permission can invite other groups to gain owner access
ReDoS issue in the Codeowners reference extractor
LDAP user can reset password using secondary email and login using direct authentication
Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard
Users with the Guest role can change Custom dashboard projects settings for projects in the victim group
Group member with sub-maintainer role can change title of shared private deploy keys
Bypassing approvals of CODEOWNERS
Discovery: 2024-02-21; Entry: 2024-02-22
Affected package: gitlab-ce
>= 16.9.0 and < 16.9.1
>= 16.8.0 and < 16.8.3
>= 11.3.0 and < 16.7.6
CVE-2024-1451
CVE-2023-6477
CVE-2023-6736
CVE-2024-1525
CVE-2023-4895
CVE-2024-0861
CVE-2023-3509
CVE-2024-0410
https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/
|
b2caae55-dc38-11ee-96dc-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Bypassing CODEOWNERS approval allowing to steal protected variables
Guest with manage group access tokens can rotate and see group access token with owner permissions
Discovery: 2024-03-06; Entry: 2024-03-07
Affected package: gitlab-ce
>= 16.9.0 and < 16.9.2
>= 16.8.0 and < 16.8.4
>= 11.3.0 and < 16.7.7
CVE-2024-0199
CVE-2024-1299
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
|
f7c5b3a9-b9fb-11ed-99c6-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Stored XSS via Kroki diagram
Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings
Improper validation of SSO and SCIM tokens while managing groups
Maintainer can leak Datadog API key by changing Datadog site
Clipboard based XSS in the title field of work items
Improper user right checks for personal snippets
Release Description visible in public projects despite release set as project members only
Group integration settings sensitive information exposed to project maintainers
Improve pagination limits for commits
Gitlab Open Redirect Vulnerability
Maintainer may become an Owner of a project
Discovery: 2023-03-02; Entry: 2023-03-03
Affected package: gitlab-ce
>= 15.9.0 and < 15.9.2
>= 15.8.0 and < 15.8.4
>= 9.0.0 and < 15.7.8
CVE-2023-0050
CVE-2022-4289
CVE-2022-4331
CVE-2023-0483
CVE-2022-4007
CVE-2022-3758
CVE-2023-0223
CVE-2022-4462
CVE-2023-1072
CVE-2022-3381
CVE-2023-1084
https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/
|
4c8c2218-b120-11ee-90ec-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Account Takeover via Password Reset without user interactions
Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user
Bypass CODEOWNERS approval removal
Workspaces able to be created under different root namespace
Commit signature validation ignores headers after signature
Discovery: 2024-01-11; Entry: 2024-01-12
Affected package: gitlab-ce
>= 16.7.0 and < 16.7.2
>= 16.6.0 and < 16.6.4
>= 8.13.0 and < 16.5.6
CVE-2023-7028
CVE-2023-5356
CVE-2023-4812
CVE-2023-6955
CVE-2023-2030
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
|
89fdbd85-ebd2-11ed-9c88-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Malicious Runner Attachment via GraphQL
Discovery: 2023-05-05; Entry: 2023-05-06
Affected package: gitlab-ce
>= 15.11.0 and < 15.11.2
>= 15.10.0 and < 15.10.6
>= 9.0 and < 15.9.7
CVE-2023-2478
https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/
|
4a08a4fb-f152-11ed-9c88-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Smuggling code changes via merge requests with refs/replace
Discovery: 2023-05-10; Entry: 2023-05-13
Affected package: gitlab-ce
>= 15.11.0 and < 15.11.3
>= 15.10.0 and < 15.10.7
>= 9.0 and < 15.9.8
CVE-2023-2181
https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/
|
3117e6cd-1772-11ee-9cd6-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
ReDoS via EpicReferenceFilter in any Markdown fields
New commits to private projects visible in forks created while project was public
New commits to private projects visible in forks created while project was public
Maintainer can leak masked webhook secrets by manipulating URL masking
Information disclosure of project import errors
Sensitive information disclosure via value stream analytics controller
Bypassing Code Owners branch protection rule in GitLab
HTML injection in email address
Webhook token leaked in Sidekiq logs if log format is 'default'
Private email address of service desk issue creator disclosed via issues API
Discovery: 2023-06-29; Entry: 2023-06-30
Affected package: gitlab-ce
>= 16.1.0 and < 16.1.1
>= 16.0.0 and < 16.0.6
>= 15.11.0 and < 15.11.10
>= 7.14.0 and < 15.10.8
CVE-2023-3424
CVE-2023-2190
CVE-2023-3444
CVE-2023-2620
CVE-2023-3362
CVE-2023-3102
CVE-2023-2576
CVE-2023-2200
CVE-2023-3363
CVE-2023-1936
https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/
|
6e0ebb4a-5e75-11ee-a365-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project
Group import allows impersonation of users in CI pipelines
Developers can bypass code owners approval by changing a MR's base branch
Leaking source code of restricted project through a fork
Third party library Consul requires enable-script-checks to be False to enable patch
Service account not deleted when namespace is deleted allowing access to internal projects
Enforce SSO settings bypassed for public projects for Members without identity
Removed project member can write to protected branches
Unauthorised association of CI jobs for Machine Learning experiments
Force pipelines to not have access to protected variables and will likely fail using tags
Maintainer can create a fork relationship between existing projects
Disclosure of masked CI variables via processing CI/CD configuration of forks
Asset Proxy Bypass using non-ASCII character in asset URI
Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches
Removed Developer can continue editing the source code of a public project
A project reporter can leak owner's Sentry instance projects
Math rendering in markdown can escape container and hijack clicks
Discovery: 2023-09-28; Entry: 2023-09-29
Affected package: gitlab-ce
>= 16.4.0 and < 16.4.1
>= 16.3.0 and < 16.3.5
>= 8.15 and < 16.2.8
CVE-2023-5207
CVE-2023-5207
CVE-2023-4379
CVE-2023-3413
CVE-2023-3914
CVE-2023-3115
CVE-2023-5198
CVE-2023-4532
CVE-2023-3917
CVE-2023-3920
CVE-2023-0989
CVE-2023-3906
CVE-2023-4658
CVE-2023-3979
CVE-2023-2233
CVE-2023-3922
https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
|
ee890be3-a1ec-11ed-a81d-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Denial of Service via arbitrarily large Issue descriptions
CSRF via file upload allows an attacker to take over a repository
Sidekiq background job DoS by uploading malicious CI job artifact zips
Sidekiq background job DoS by uploading a malicious Helm package
Discovery: 2023-01-31; Entry: 2023-02-01
Affected package: gitlab-ce
>= 15.8.0 and < 15.8.1
>= 15.7.0 and < 15.7.6
>= 12.4.0 and < 15.6.7
CVE-2022-3411
CVE-2022-4138
CVE-2022-3759
CVE-2023-0518
https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/
|