Page 42 of 210 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json https://gitlab.com/gitlab-org/gitlab/-/issues/408272 https://hackerone.com/reports/1943819 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json https://gitlab.com/gitlab-org/gitlab/-/issues/407891 https://hackerone.com/reports/1941803 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json https://gitlab.com/gitlab-org/gitlab/-/issues/392433 https://hackerone.com/reports/1869839 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json https://gitlab.com/gitlab-org/gitlab/-/issues/407586 https://hackerone.com/reports/1934711 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 5

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. • https://github.com/cc3305/CVE-2023-2825 https://github.com/Occamsec/CVE-2023-2825 https://github.com/Rubikcuv5/CVE-2023-2825 https://github.com/caopengyan/CVE-2023-2825 https://github.com/Tornad0007/CVE-2023-2825-Gitlab https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json https://gitlab.com/gitlab-org/gitlab/-/issues/412371 https://hackerone.com/reports/1994725 https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •