CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7296 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-7296
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users. • https://gitlab.com/gitlab-org/gitlab/-/issues/475056 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1257 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1257
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. • https://gitlab.com/gitlab-org/gitlab/-/issues/519348 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8402 – Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-8402
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code. • https://gitlab.com/gitlab-org/gitlab/-/issues/482813 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12380 – Generation of Error Message Containing Sensitive Information in GitLab
https://notcve.org/view.php?id=CVE-2024-12380
13 Mar 2025 — An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information. • https://gitlab.com/gitlab-org/gitlab/-/issues/508557 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-13054 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-13054
13 Mar 2025 — An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/511004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0652 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-0652
13 Mar 2025 — An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only. • https://gitlab.com/gitlab-org/gitlab/-/issues/514532 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2045 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-2045
06 Mar 2025 — Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data. La autorización incorrecta en GitLab EE que afecta a todas las versiones desde la 17.7 anterior a la 17.7.6, la 17.8 anterior a la 17.8.4 y la 17.9 anterior a la 17.9.1 permite a los usuarios con permisos limitados acceder a datos de análisis de proyectos potencialmente confidenciales. • https://gitlab.com/gitlab-org/gitlab/-/issues/512050 • CWE-863: Incorrect Authorization •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1540 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-1540
06 Mar 2025 — An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances." • https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/#saml-authentication-misconfigures-external-user-attribute • CWE-863: Incorrect Authorization •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0555 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-0555
03 Mar 2025 — A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/514004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10925 – Authorization Bypass Through User-Controlled Key in GitLab
https://notcve.org/view.php?id=CVE-2024-10925
03 Mar 2025 — A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML • https://gitlab.com/gitlab-org/gitlab/-/issues/502857 • CWE-639: Authorization Bypass Through User-Controlled Key •