CVE-2023-2198
https://notcve.org/view.php?id=CVE-2023-2198
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json https://gitlab.com/gitlab-org/gitlab/-/issues/408273 https://hackerone.com/reports/1947187 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-2001
https://notcve.org/view.php?id=CVE-2023-2001
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json https://gitlab.com/gitlab-org/gitlab/-/issues/406764 https://hackerone.com/reports/1908423 •
CVE-2023-2199
https://notcve.org/view.php?id=CVE-2023-2199
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json https://gitlab.com/gitlab-org/gitlab/-/issues/408272 https://hackerone.com/reports/1943819 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-0921 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2023-0921
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json https://gitlab.com/gitlab-org/gitlab/-/issues/392433 https://hackerone.com/reports/1869839 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-1621
https://notcve.org/view.php?id=CVE-2023-1621
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json https://gitlab.com/gitlab-org/gitlab/-/issues/399774 https://hackerone.com/reports/1914049 •