CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5528 – Incomplete Comparison with Missing Factors in GitLab
https://notcve.org/view.php?id=CVE-2024-5528
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. • https://gitlab.com/gitlab-org/gitlab/-/issues/464558 • CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9631 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-9631
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow. • https://gitlab.com/gitlab-org/gitlab/-/issues/480867 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6356 – Incorrect User Management in GitLab
https://notcve.org/view.php?id=CVE-2024-6356
05 Feb 2025 — An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. • https://gitlab.com/gitlab-org/gitlab/-/issues/469108 • CWE-286: Incorrect User Management •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1539 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-1539
05 Feb 2025 — An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. • https://gitlab.com/gitlab-org/gitlab/-/issues/442049 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6386 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2023-6386
05 Feb 2025 — A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation. • https://gitlab.com/gitlab-org/gitlab/-/issues/433147 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6195 – Server-Side Request Forgery (SSRF) in GitLab
https://notcve.org/view.php?id=CVE-2023-6195
30 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository. • https://gitlab.com/gitlab-org/gitlab/-/issues/432276 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1211 – Cross-Site Request Forgery (CSRF) in GitLab
https://notcve.org/view.php?id=CVE-2024-1211
30 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider. • https://gitlab.com/gitlab-org/gitlab/-/issues/440313 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0290 – Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
https://notcve.org/view.php?id=CVE-2025-0290
28 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. • https://gitlab.com/gitlab-org/gitlab/-/issues/372134 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-13041 – Incorrect User Management in GitLab
https://notcve.org/view.php?id=CVE-2024-13041
09 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#instance-saml-does-not-respect-external_provider-configuration • CWE-286: Incorrect User Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6324 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-6324
09 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#cyclic-reference-of-epics-leads-resource-exhaustion • CWE-407: Inefficient Algorithmic Complexity •