CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8973 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-8973
09 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload. • https://gitlab.com/gitlab-org/gitlab/-/issues/491041 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0549 – Authentication Bypass Using an Alternate Path or Channel in GitLab
https://notcve.org/view.php?id=CVE-2025-0549
09 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. • https://gitlab.com/gitlab-org/gitlab/-/issues/513996 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1278 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-1278
09 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. • https://gitlab.com/gitlab-org/gitlab/-/issues/519580 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12244 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-12244
24 Apr 2025 — An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. • https://gitlab.com/gitlab-org/gitlab/-/issues/508046 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0639 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0639
24 Apr 2025 — An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. • https://gitlab.com/gitlab-org/gitlab/-/issues/514507 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1908 – Business Logic Errors in GitLab
https://notcve.org/view.php?id=CVE-2025-1908
24 Apr 2025 — An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. • https://gitlab.com/gitlab-org/gitlab/-/issues/523065 • CWE-840: Business Logic Errors •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0362 – Improper Restriction of Rendered UI Layers or Frames in GitLab
https://notcve.org/view.php?id=CVE-2025-0362
10 Apr 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf. • https://gitlab.com/gitlab-org/gitlab/-/issues/512425 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 1CVE-2025-2469 – Debug Messages Revealing Unnecessary Information in GitLab
https://notcve.org/view.php?id=CVE-2025-2469
10 Apr 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. • https://gitlab.com/gitlab-org/gitlab/-/issues/525374 • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-11129 – Generation of Error Message Containing Sensitive Information in GitLab
https://notcve.org/view.php?id=CVE-2024-11129
10 Apr 2025 — An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." • https://gitlab.com/gitlab-org/gitlab/-/issues/503722 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1677 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1677
10 Apr 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. • https://gitlab.com/gitlab-org/gitlab/-/issues/521117 • CWE-770: Allocation of Resources Without Limits or Throttling •