CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0993 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0993
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. • https://gitlab.com/gitlab-org/gitlab/-/issues/516927 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2853 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2853
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/527218 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3111 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3111
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. • https://gitlab.com/gitlab-org/gitlab/-/issues/533313 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4979 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-4979
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. • https://gitlab.com/gitlab-org/gitlab/-/issues/524455 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1278 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-1278
09 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. • https://gitlab.com/gitlab-org/gitlab/-/issues/519580 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0362 – Improper Restriction of Rendered UI Layers or Frames in GitLab
https://notcve.org/view.php?id=CVE-2025-0362
10 Apr 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf. • https://gitlab.com/gitlab-org/gitlab/-/issues/512425 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1677 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1677
10 Apr 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. • https://gitlab.com/gitlab-org/gitlab/-/issues/521117 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2408 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-2408
10 Apr 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. • https://gitlab.com/gitlab-org/gitlab/-/issues/525323 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10307 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-10307
28 Mar 2025 — An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. • https://gitlab.com/gitlab-org/gitlab/-/issues/500497 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2255 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-2255
27 Mar 2025 — An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. Se ha detectado un problema en Gitlab EE/CE para AppSec que afecta a todas las versiones desde la 13.5.0 hasta la 17.8.6, la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. Algunos mensajes de error podrían permitir ataques de Cross-Site Scripting (XSS) para AppSec. • https://gitlab.com/gitlab-org/gitlab/-/issues/524635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •