CVSS: 2.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-0231 – Improper Control of Resource Identifiers ('Resource Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits. • https://gitlab.com/gitlab-org/gitlab/-/issues/437103 https://hackerone.com/reports/2299337 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2024-6595 – Uncontrolled Search Path Element in GitLab
https://notcve.org/view.php?id=CVE-2024-6595
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 11.8 anterior a la 16.11.6, desde la 17.0 anterior a la 17.0.4 y desde la 17.1 anterior a la 17.1.2 donde era posible cargar un paquete NPM con conflictos datos del paquete. • https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem https://gitlab.com/gitlab-org/gitlab/-/issues/417975 • CWE-427: Uncontrolled Search Path Element CWE-434: Unrestricted Upload of File with Dangerous Type CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1493 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1493
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 9.2 anterior a la 16.11.5, desde la 17.0 anterior a la 17.0.3 y desde la 17.1 anterior a la 17.1.1, con la lógica de procesamiento para generar enlaces en archivos de dependencia puede provocar un ataque DoS de expresión regular en el servidor • https://gitlab.com/gitlab-org/gitlab/-/issues/441806 https://hackerone.com/reports/2370084 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2024-1816 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-1816
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 12.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que permite que un atacante provoque una denegación de servicio utilizando un archivo OpenAPI manipulado. • https://gitlab.com/gitlab-org/gitlab/-/issues/442852 https://hackerone.com/reports/2370737 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2024-4557 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-4557
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline. Se han descubierto múltiples condiciones de denegación de servicio (DoS) en GitLab CE/EE que afectan a todas las versiones desde 1.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que permitió a un atacante para causar el agotamiento de los recursos a través de la canalización banzai. • https://gitlab.com/gitlab-org/gitlab/-/issues/460517 https://hackerone.com/reports/2485172 • CWE-400: Uncontrolled Resource Consumption •