Page 6 of 222 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json https://gitlab.com/gitlab-org/gitlab/-/issues/406764 https://hackerone.com/reports/1908423 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json https://gitlab.com/gitlab-org/gitlab/-/issues/406844 https://hackerone.com/reports/1940441 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json https://gitlab.com/gitlab-org/gitlab/-/issues/407859 https://hackerone.com/reports/1938185 •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json https://gitlab.com/gitlab-org/gitlab/-/issues/387638 https://hackerone.com/reports/1817250 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.0EPSS: 1%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json https://gitlab.com/gitlab-org/gitlab/-/issues/390910 https://hackerone.com/reports/1864278 •