CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0362 – Improper Restriction of Rendered UI Layers or Frames in GitLab
https://notcve.org/view.php?id=CVE-2025-0362
10 Apr 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf. • https://gitlab.com/gitlab-org/gitlab/-/issues/512425 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1677 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1677
10 Apr 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. • https://gitlab.com/gitlab-org/gitlab/-/issues/521117 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-13054 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-13054
13 Mar 2025 — An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/511004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1072 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1072
07 Feb 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer. • https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#denial-of-service-by-importing-malicious-crafted-fogbugz-import-payload • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5528 – Incomplete Comparison with Missing Factors in GitLab
https://notcve.org/view.php?id=CVE-2024-5528
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. • https://gitlab.com/gitlab-org/gitlab/-/issues/464558 • CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5117 – Exposure of Sensitive Information Due to Incompatible Policies in GitLab
https://notcve.org/view.php?id=CVE-2023-5117
25 Dec 2024 — An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL. Se descubrió un problema en GitLab CE/EE que afectaba a todas las versiones anteriores a 17.6.0 en el que los usuarios no sabían que se podía acceder a los archivos cargados para comentarios sobre temas confidenciales y epopeyas de proyec... • https://gitlab.com/gitlab-org/gitlab/-/issues/398250 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 2CVE-2023-3441 – Exposure of Sensitive Information Due to Incompatible Policies in GitLab
https://notcve.org/view.php?id=CVE-2023-3441
01 Oct 2024 — An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. Se ha descubierto un problema en GitLab EE/CE que afecta a todas las versiones a partir de la 8.0 hasta la 16.4. El producto no advertía lo suficiente sobre las implicaciones de seguridad de otorgar derechos de fusión a ramas protegidas. • https://gitlab.com/gitlab-org/gitlab/-/issues/416482 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6502 – Incorrect Provision of Specified Functionality in GitLab
https://notcve.org/view.php?id=CVE-2024-6502
22 Aug 2024 — An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. • https://gitlab.com/gitlab-org/gitlab/-/issues/470647 • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 1CVE-2024-8041 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-8041
22 Aug 2024 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. • https://gitlab.com/gitlab-org/gitlab/-/issues/463092 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-3958 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-3958
08 Aug 2024 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 17.0.6, 17.1 anterior a 17.1.4 y 17.2 anterior a 17.2.2. Se encontró un problema que permite a alguien ... • https://gitlab.com/gitlab-org/gitlab/-/issues/456988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •