CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2013
https://notcve.org/view.php?id=CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json https://gitlab.com/gitlab-org/gitlab/-/issues/406844 https://hackerone.com/reports/1940441 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1825
https://notcve.org/view.php?id=CVE-2023-1825
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json https://gitlab.com/gitlab-org/gitlab/-/issues/384035 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0121
https://notcve.org/view.php?id=CVE-2023-0121
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json https://gitlab.com/gitlab-org/gitlab/-/issues/387549 https://hackerone.com/reports/1774688 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0921
https://notcve.org/view.php?id=CVE-2023-0921
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json https://gitlab.com/gitlab-org/gitlab/-/issues/392433 https://hackerone.com/reports/1869839 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2132
https://notcve.org/view.php?id=CVE-2023-2132
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json https://gitlab.com/gitlab-org/gitlab/-/issues/407586 https://hackerone.com/reports/1934711 • CWE-1333: Inefficient Regular Expression Complexity •