CVSS: 4.3EPSS: %CPEs: 3EXPL: 1CVE-2024-11828 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-11828
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch. • https://gitlab.com/gitlab-org/gitlab/-/issues/443559 https://hackerone.com/reports/2380264 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.2EPSS: %CPEs: 3EXPL: 1CVE-2024-8114 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-8114
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. • https://gitlab.com/gitlab-org/gitlab/-/issues/480494 https://hackerone.com/reports/2649822 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: %CPEs: 3EXPL: 1CVE-2024-8177 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-8177
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. • https://gitlab.com/gitlab-org/gitlab/-/issues/480706 https://hackerone.com/reports/2637996 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 6.5EPSS: %CPEs: 3EXPL: 1CVE-2024-8237 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-8237
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. • https://gitlab.com/gitlab-org/gitlab/-/issues/480900 https://hackerone.com/reports/2648665 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8648 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2024-8648
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. • https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#stored-xss-through-javascript-url-in-analytics-dashboards https://gitlab.com/gitlab-org/gitlab/-/issues/486220 https://hackerone.com/reports/2683863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •