992 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch. • https://gitlab.com/gitlab-org/gitlab/-/issues/443559 https://hackerone.com/reports/2380264 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. • https://gitlab.com/gitlab-org/gitlab/-/issues/480494 https://hackerone.com/reports/2649822 • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. • https://gitlab.com/gitlab-org/gitlab/-/issues/480706 https://hackerone.com/reports/2637996 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. • https://gitlab.com/gitlab-org/gitlab/-/issues/480900 https://hackerone.com/reports/2648665 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. • https://gitlab.com/gitlab-org/gitlab/-/issues/498257 https://hackerone.com/reports/2759470 • CWE-708: Incorrect Ownership Assignment •