CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5528 – Incomplete Comparison with Missing Factors in GitLab
https://notcve.org/view.php?id=CVE-2024-5528
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. • https://gitlab.com/gitlab-org/gitlab/-/issues/464558 • CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9631 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-9631
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow. • https://gitlab.com/gitlab-org/gitlab/-/issues/480867 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6356 – Incorrect User Management in GitLab
https://notcve.org/view.php?id=CVE-2024-6356
05 Feb 2025 — An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. • https://gitlab.com/gitlab-org/gitlab/-/issues/469108 • CWE-286: Incorrect User Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0290 – Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
https://notcve.org/view.php?id=CVE-2025-0290
28 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. • https://gitlab.com/gitlab-org/gitlab/-/issues/372134 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11931 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2024-11931
24 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint. • https://gitlab.com/gitlab-org/gitlab/-/issues/480901 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0314 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-0314
24 Jan 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting. • https://gitlab.com/gitlab-org/gitlab/-/issues/512118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-13041 – Incorrect User Management in GitLab
https://notcve.org/view.php?id=CVE-2024-13041
09 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#instance-saml-does-not-respect-external_provider-configuration • CWE-286: Incorrect User Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6324 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-6324
09 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#cyclic-reference-of-epics-leads-resource-exhaustion • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12431 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-12431
08 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#unauthorized-user-can-manipulate-status-of-issues-in-public-projects • CWE-862: Missing Authorization •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0194 – Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab
https://notcve.org/view.php?id=CVE-2025-0194
08 Jan 2025 — An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have be... • https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •