CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0805
https://notcve.org/view.php?id=CVE-2023-0805
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json https://gitlab.com/gitlab-org/gitlab/-/issues/391433 https://hackerone.com/reports/1850046 •
CVSS: 8.0EPSS: 1%CPEs: 3EXPL: 0CVE-2023-0756
https://notcve.org/view.php?id=CVE-2023-0756
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json https://gitlab.com/gitlab-org/gitlab/-/issues/390910 https://hackerone.com/reports/1864278 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4376
https://notcve.org/view.php?id=CVE-2022-4376
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json https://gitlab.com/gitlab-org/gitlab/-/issues/385246 https://hackerone.com/reports/1794713 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1787
https://notcve.org/view.php?id=CVE-2023-1787
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json https://gitlab.com/gitlab-org/gitlab/-/issues/394817 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0523
https://notcve.org/view.php?id=CVE-2023-0523
An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json https://gitlab.com/gitlab-org/gitlab/-/issues/389487 https://hackerone.com/reports/1842867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •