CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1708
https://notcve.org/view.php?id=CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1710
https://notcve.org/view.php?id=CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json https://gitlab.com/gitlab-org/gitlab/-/issues/388242 https://hackerone.com/reports/1829768 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1733
https://notcve.org/view.php?id=CVE-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json https://gitlab.com/gitlab-org/gitlab/-/issues/392665 https://hackerone.com/reports/1723124 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1787
https://notcve.org/view.php?id=CVE-2023-1787
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json https://gitlab.com/gitlab-org/gitlab/-/issues/394817 •
CVSS: 3.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3375
https://notcve.org/view.php?id=CVE-2022-3375
An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json https://gitlab.com/gitlab-org/gitlab/-/issues/376041 https://hackerone.com/reports/1710533 •