CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1178
https://notcve.org/view.php?id=CVE-2023-1178
03 May 2023 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1204
https://notcve.org/view.php?id=CVE-2023-1204
03 May 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1265
https://notcve.org/view.php?id=CVE-2023-1265
03 May 2023 — An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json • CWE-384: Session Fixation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-0155
https://notcve.org/view.php?id=CVE-2023-0155
03 May 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1836
https://notcve.org/view.php?id=CVE-2023-1836
03 May 2023 — A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0756
https://notcve.org/view.php?id=CVE-2023-0756
03 May 2023 — An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2069
https://notcve.org/view.php?id=CVE-2023-2069
03 May 2023 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4376
https://notcve.org/view.php?id=CVE-2022-4376
03 May 2023 — An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1098
https://notcve.org/view.php?id=CVE-2023-1098
05 Apr 2023 — An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json •
CVSS: 3.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3375
https://notcve.org/view.php?id=CVE-2022-3375
05 Apr 2023 — An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json •