CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-4207 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2024-4207
08 Aug 2024 — A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. Se descubrió un problema de cross-site scripting en GitLab que afecta a todas las versiones a partir de 5.1 anteriores a 17.0.6, a partir de 17.1 anteriores a 17.1.4 y a partir de 17.2 anteriores... • https://gitlab.com/gitlab-org/gitlab/-/issues/458236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5423 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-5423
08 Aug 2024 — Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline. Se descubrieron múltiples condiciones de denegación de servicio (DoS) en GitLab CE/EE que afectan a todas las versiones desde 1.0 anterior a 17.0.6, desde 17.1 anterior a 17.1.4 y desde 17.2 anterior a 17.2.2, lo que permit... • https://gitlab.com/gitlab-org/gitlab/-/issues/463807 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-6329 – Improper Encoding or Escaping of Output in GitLab
https://notcve.org/view.php?id=CVE-2024-6329
08 Aug 2024 — An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.16 anterior a 17.0.6, desde 17.1 anterior a 17.1.4 y desde 17.2 anterior a 17.2.2, lo que provoca que la interfaz web no pueda representar el diff correctamente ... • https://gitlab.com/gitlab-org/gitlab/-/issues/468937 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1493 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1493
26 Jun 2024 — An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 9.2 anterior a la 16.11.5, desde la 17.0 anterior a la 17.0.3 y desde la 17.1 anterior a la 17.1.1, con la lógica de procesamiento... • https://gitlab.com/gitlab-org/gitlab/-/issues/441806 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-4557 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-4557
26 Jun 2024 — Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline. Se han descubierto múltiples condiciones de denegación de servicio (DoS) en GitLab CE/EE que afectan a todas las versiones desde 1.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que p... • https://gitlab.com/gitlab-org/gitlab/-/issues/460517 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1736 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1736
12 Jun 2024 — An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2. Una vulnerabilidad en el editor de canalización ... • https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1963 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1963
12 Jun 2024 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.4 anterior a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2... • https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 1CVE-2024-4201 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2024-4201
12 Jun 2024 — A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. Se descubrió un problema de cross-site scripting en GitLab que afecta a todas las versiones desde 5.1 anteriores a 16.10.7, todas las versiones desde 16.11 anteriores a 16.... • https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#xss-and-content-injection-when-viewing-raw-xhtml-files-on-ios-devices • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6502 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-6502
23 May 2024 — A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page. Se descubrió una condición de denegación de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, a la versión 16.11 anterior a 16.11.3 y a 17.0 anterior a 17.0.1. Es posible que un atacante provoque una denegación de servicio u... • https://gitlab.com/gitlab-org/gitlab/-/issues/433534 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2CVE-2024-2874 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-2874
23 May 2024 — An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, la versión 16.11 anterior a 16.11.3 y la 17.0 anterior a 17.0.1. Un ejecutor registrado con una descripción manipulada tiene el potencial de interrumpir la ... • https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •