CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8116 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-8116
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. • https://gitlab.com/gitlab-org/gitlab/-/issues/480509 https://hackerone.com/reports/2666216 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8650 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/486300 https://hackerone.com/reports/2705909 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8179 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2024-8179
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. • https://gitlab.com/gitlab-org/gitlab/-/issues/480718 https://hackerone.com/reports/2665929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8233 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-8233
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request. • https://gitlab.com/gitlab-org/gitlab/-/issues/480867 https://hackerone.com/reports/2650086 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8647 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
https://notcve.org/view.php?id=CVE-2024-8647
An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. • https://gitlab.com/gitlab-org/gitlab/-/issues/486051 https://hackerone.com/reports/2666341 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •