CVE-2023-1710
https://notcve.org/view.php?id=CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json https://gitlab.com/gitlab-org/gitlab/-/issues/388242 https://hackerone.com/reports/1829768 •
CVE-2023-1787
https://notcve.org/view.php?id=CVE-2023-1787
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json https://gitlab.com/gitlab-org/gitlab/-/issues/394817 •
CVE-2023-1708
https://notcve.org/view.php?id=CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-1733
https://notcve.org/view.php?id=CVE-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json https://gitlab.com/gitlab-org/gitlab/-/issues/392665 https://hackerone.com/reports/1723124 •
CVE-2023-0326
https://notcve.org/view.php?id=CVE-2023-0326
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json https://gitlab.com/gitlab-org/gitlab/-/issues/388132 https://hackerone.com/reports/1826896 •