CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 1CVE-2023-6033 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2023-6033
01 Dec 2023 — Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser. La neutralización inadecuada de la entrada en la configuración de integración de Jira en GitLab CE/EE, que afecta a todas las versiones desde 15.10 anteriores a 16.6.1, 16.5 anteriores a 16.5.3 y 16.4 anteriores a 16.4.3, permite al atacante ejecutar javascript en el nav... • https://gitlab.com/gitlab-org/gitlab/-/issues/431201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4379 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2023-4379
09 Nov 2023 — An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. Se descubrió un problema en GitLab EE que afecta a todas las versiones desde la 15.3 anterior a la 16.2.8, la 16.3 anterior a la 16.3.5 y la 16.4 anterior a la 16.4.1. La aprobación del propietario del código no se eliminó de las solicitudes de fusión cuando se actualizó... • https://gitlab.com/gitlab-org/gitlab/-/issues/415496 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4700 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2023-4700
06 Nov 2023 — An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. Un problema de autorización que afectaba a GitLab EE y afectaba a todas las versiones desde 14.7 anterior a 16.3.6, 16.4 anterior a 16.4.2 y 16.5 anterior a 16.5.1, permitía a un usuario ejecutar trabajos en entornos protegidos, sin pasar por las aprobaciones requeridas. • https://gitlab.com/gitlab-org/gitlab/-/issues/421937 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5963 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2023-5963
06 Nov 2023 — An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. Se ha descubierto un problema en GitLab EE con Advanced Search que afecta a todas las versiones desde 13.9 a 16.3.6, 16.4 anterior a 16.4.2 y 16.5 anterior a 16.5.1 que podría permitir una denegación de servicio en la función de Advanced Search al enc... • https://gitlab.com/gitlab-org/gitlab/-/issues/423468 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3399 – Insertion of Sensitive Information Into Sent Data in GitLab
https://notcve.org/view.php?id=CVE-2023-3399
06 Nov 2023 — An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. Se descubrió un problema en GitLab EE que afecta a todas las versiones desde 11.6 anteriores a 16.3.6, todas las versiones desde 16.4 anteriores a 16.4.2, todas las versiones desde 16.5 anteriore... • https://gitlab.com/gitlab-org/gitlab/-/issues/416244 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3909 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-3909
06 Nov 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.3 anteriores a 16.3.6, todas las versiones desde 16.4 anteriores a 16.4.2, todas las versiones desde 16.5 anter... • https://gitlab.com/gitlab-org/gitlab/-/issues/418763 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3246 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2023-3246
06 Nov 2023 — An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor. Se ha descubierto un problema en GitLab EE/CE que afecta a todas las versiones anteriores a 16.3.6, todas las versiones desde 16.4 anteriores a 16.4.2, todas las versiones desde 16.5 anteriores a 16.5.1, lo que permite a los atacantes bloquear el procesador de trabajos... • https://gitlab.com/gitlab-org/gitlab/-/issues/415371 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5106 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2023-5106
02 Oct 2023 — An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. Se ha descubierto un problema en Ultimate-licensed GitLab EE que afecta a todas las versiones desde 13.12 anteriores a 16.2.8, 16.3.0 anteriores a 16.3.5 y 16.4.0 anteriores a 16.4.1 y que podría permitir a un atacante hacerse pasar por usua... • https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3922 – URL Redirection to Untrusted Site ('Open Redirect') in GitLab
https://notcve.org/view.php?id=CVE-2023-3922
29 Sep 2023 — An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 8.15 anteriores a 16.2.8, todas las versiones desde 16.3 anteriores a 16.3.5, todas las versiones desde 16.4 anteriores a 16.4.1. Fue posible secuestrar alg... • https://gitlab.com/gitlab-org/gitlab/-/issues/394770 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2023-5198 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2023-5198
29 Sep 2023 — An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. Se descubrió un problema en GitLab que afecta a todas las versiones anteriores a 16.2.7, todas las versiones desde 16.3 anteriores a 16.3.5 y todas las versiones desde 16.4 anteriores a 16.4.1. Era posible que un miembro eliminado del proye... • https://gitlab.com/gitlab-org/gitlab/-/issues/416957 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •