CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1963 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1963
12 Jun 2024 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.4 anterior a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2... • https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 1CVE-2024-4201 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2024-4201
12 Jun 2024 — A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. Se descubrió un problema de cross-site scripting en GitLab que afecta a todas las versiones desde 5.1 anteriores a 16.10.7, todas las versiones desde 16.11 anteriores a 16.... • https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#xss-and-content-injection-when-viewing-raw-xhtml-files-on-ios-devices • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5318 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-5318
24 May 2024 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 11.11 anterior a la 16.10.6, desde la 16.11 anterior a la 16.11.3 y desde la 17.0 anterior a la 17.0.1. Un usuario invitado puede ver listas de dependencias de pro... • https://gitlab.com/gitlab-org/gitlab/-/issues/427526 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6502 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-6502
23 May 2024 — A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page. Se descubrió una condición de denegación de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, a la versión 16.11 anterior a 16.11.3 y a 17.0 anterior a 17.0.1. Es posible que un atacante provoque una denegación de servicio u... • https://gitlab.com/gitlab-org/gitlab/-/issues/433534 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2CVE-2024-2874 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-2874
23 May 2024 — An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, la versión 16.11 anterior a 16.11.3 y la 17.0 anterior a 17.0.1. Un ejecutor registrado con una descripción manipulada tiene el potencial de interrumpir la ... • https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2651 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-2651
09 May 2024 — An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.9.7, todas las versiones desde 16.10 anteriores a 16.10.5, todas las versiones desde 16.11 anteriores a 16.11.2. Era posible que un atac... • https://gitlab.com/gitlab-org/gitlab/-/issues/450830 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4024 – Authentication Bypass by Assumed-Immutable Data in GitLab
https://notcve.org/view.php?id=CVE-2024-4024
25 Apr 2024 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 7.8 an... • https://gitlab.com/gitlab-org/gitlab/-/issues/452426 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1347 – Authentication Bypass by Spoofing in GitLab
https://notcve.org/view.php?id=CVE-2024-1347
25 Apr 2024 — An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.9.6, todas las versiones desde 16.10 anteriores a 16.10.4, todas las versiones desde 16.11 anter... • https://gitlab.com/gitlab-org/gitlab/-/issues/441093 • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2829 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-2829
25 Apr 2024 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 12.5 anteriores a 16.9.6, todas las versiones desde 16.10 anteriores a 16.10.4, todas las versiones desde 16.11 anteriores a 16.11.1. Un filtro comodín manipul... • https://gitlab.com/gitlab-org/gitlab/-/issues/451456 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6678 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-6678
12 Apr 2024 — An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file. Se descubrió un problema en GitLab EE que afecta a todas las versiones anteriores a 16.8.6, todas las versiones desde 16.9 anteriores a 16.9.4, todas las versiones desde 16.10 anteriores a 16.10.2. Era posible que ... • https://gitlab.com/gitlab-org/gitlab/-/issues/434689 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •