CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3364 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-3364
01 Aug 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 8.14 antes de la 16.0.8, a todas las versiones a partir de la 16.1 antes de la 16.... • https://gitlab.com/gitlab-org/gitlab/-/issues/415995 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3385 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
https://notcve.org/view.php?id=CVE-2023-3385
01 Aug 2023 — An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html). Se ha descubierto un problema en GitLab que afecta ... • https://gitlab.com/gitlab-org/gitlab/-/issues/416161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-2200 – Improper Encoding or Escaping of Output in GitLab
https://notcve.org/view.php?id=CVE-2023-2200
13 Jul 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field. • https://gitlab.com/gitlab-org/gitlab/-/issues/408281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2198
https://notcve.org/view.php?id=CVE-2023-2198
07 Jun 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2001
https://notcve.org/view.php?id=CVE-2023-2001
07 Jun 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2013
https://notcve.org/view.php?id=CVE-2023-2013
07 Jun 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0921 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2023-0921
06 Jun 2023 — A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2181
https://notcve.org/view.php?id=CVE-2023-2181
12 May 2023 — An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0756
https://notcve.org/view.php?id=CVE-2023-0756
03 May 2023 — An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1204
https://notcve.org/view.php?id=CVE-2023-1204
03 May 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json •