CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2878 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-2878
05 Feb 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. • https://gitlab.com/gitlab-org/gitlab/-/issues/451918 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-3976 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-3976
05 Feb 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users. • https://gitlab.com/gitlab-org/gitlab/-/issues/457140 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5528 – Incomplete Comparison with Missing Factors in GitLab
https://notcve.org/view.php?id=CVE-2024-5528
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. • https://gitlab.com/gitlab-org/gitlab/-/issues/464558 • CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9631 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-9631
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow. • https://gitlab.com/gitlab-org/gitlab/-/issues/480867 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6356 – Incorrect User Management in GitLab
https://notcve.org/view.php?id=CVE-2024-6356
05 Feb 2025 — An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. • https://gitlab.com/gitlab-org/gitlab/-/issues/469108 • CWE-286: Incorrect User Management •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1539 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-1539
05 Feb 2025 — An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. • https://gitlab.com/gitlab-org/gitlab/-/issues/442049 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6195 – Server-Side Request Forgery (SSRF) in GitLab
https://notcve.org/view.php?id=CVE-2023-6195
30 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository. • https://gitlab.com/gitlab-org/gitlab/-/issues/432276 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1211 – Cross-Site Request Forgery (CSRF) in GitLab
https://notcve.org/view.php?id=CVE-2024-1211
30 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider. • https://gitlab.com/gitlab-org/gitlab/-/issues/440313 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0290 – Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
https://notcve.org/view.php?id=CVE-2025-0290
28 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. • https://gitlab.com/gitlab-org/gitlab/-/issues/372134 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11931 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2024-11931
24 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint. • https://gitlab.com/gitlab-org/gitlab/-/issues/480901 • CWE-1220: Insufficient Granularity of Access Control •