| Severity | CVSS | CVE | KEV | Description | Affected versions |
| --- | --- | --- | --- | --- | --- |
| CRITICAL | 10.0 | CVE-2021-22205 | KEV | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability | >= 11.9.0, < 13.8.8, >= 13.9.0, < 13.9.6, >= 13.10.0, < 13.10.3 |
| CRITICAL | 9.8 | CVE-2021-22175 | KEV | GitLab Server-Side Request Forgery (SSRF) Vulnerability | >= 10.5.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4 |
| CRITICAL | 9.8 | | KEV | Weak Password Recovery Mechanism for Forgotten Password in GitLab | >= 16.1.0, < 16.1.6, >= 16.2.0, < 16.2.9, >= 16.3.0, < 16.3.7, >= 16.4.0, < 16.4.5, >= 16.5.0, < 16.5.6, >= 16.6.0, < 16.6.4, >= 16.7.0, < 16.7.2 |
| HIGH | 7.5 | | KEV | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | >= 10.5.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2 |
| CRITICAL | 10.0 | | | The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector | from 0, < 16.11.10, >= 17.0.0, < 17.0.8, >= 17.1.0, < 17.1.8, >= 17.2.0, < 17.2.7, >= 17.3.0, < 17.3.3 |
| CRITICAL | 10.0 | | | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the a… | >= 13.3.0, < 13.3.4 |
| CRITICAL | 9.9 | | | Missing Authorization in GitLab | >= 17.11.0, < 18.0.2 |
| CRITICAL | 9.9 | | | A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an aut… | >= 11.3.4, < 15.1.5, >= 15.2.0, < 15.2.3, >= 15.3.0, < 15.3.1 |
| CRITICAL | 9.9 | | | A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated u… | >= 11.10.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2 |
| CRITICAL | 9.9 | | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab | >= 16.0.0, < 16.5.8, >= 16.6.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1 |
| CRITICAL | 9.8 | | | Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential) | from 0, < 17.9.2 |
| CRITICAL | 9.8 | | | ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential) | from 0, < 17.9.2 |
| CRITICAL | 9.8 | | | Improper Access Control in GitLab | >= 15.8.0, < 16.11.6, >= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2 |
| CRITICAL | 9.8 | | | GitLab 10.1 through 12.8.1 has Incorrect Access Control. | >= 10.1.0, < 12.8.2 |
| CRITICAL | 9.8 | | | GitLab EE 3.0 through 12.8.1 allows SSRF. | >= 3.0.0, < 12.8.2 |
| CRITICAL | 9.8 | | | GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | >= 8.10.0, < 12.9.1 |
| CRITICAL | 9.8 | | | GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | >= 8.0.0, < 12.9.1 |
| CRITICAL | 9.8 | | | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | >= 7.7.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 |
| CRITICAL | 9.8 | | | GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | >= 10.7.0, < 12.6.8 |
| CRITICAL | 9.8 | | | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | >= 8.9.0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2 |
| CRITICAL | 9.8 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 bef… | >= 13.7.9, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1 |
| CRITICAL | 9.8 | | | It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | >= 14.1.1, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1 |
| CRITICAL | 9.8 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 befo… | >= 12.10.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2 |
| CRITICAL | 9.8 | | | A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. | >= 14.7.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2 |
| CRITICAL | 9.8 | | | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.… | >= 10.0.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| CRITICAL | 9.8 | | | An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 w… | >= 1.0.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1 |
| CRITICAL | 9.8 | | | Incorrect Ownership Assignment in GitLab | >= 15.9.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2 |
| CRITICAL | 9.8 | | | Incorrect Authorization in GitLab | >= 13.12.0, < 16.2.7, >= 16.3.0, < 16.3.4 |
| CRITICAL | 9.6 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1 |
| CRITICAL | 9.6 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 14.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| CRITICAL | 9.6 | | | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | >= 12.3.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3 |
| CRITICAL | 9.1 | | | Origin Validation Error in GitLab | >= 18.2.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 |
| CRITICAL | 9.1 | | | Exposure of Sensitive Information Due to Incompatible Policies in GitLab | >= 8.0.0, < 16.4.0 |
| CRITICAL | 9.1 | | | Incorrect Authorization in GitLab | >= 13.3.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| CRITICAL | 9.1 | | | GitLab 12.7 through 12.8.1 has Insecure Permissions. | >= 12.7.0, < 12.8.2 |
| CRITICAL | 9.1 | | | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. | >= 12.0.0, < 13.2.4, >= 13.3.0, < 13.3.2, >= 13.4.0, < 13.4.1 |
| CRITICAL | 9.1 | | | A vulnerability was discovered in GitLab starting with version 12. | >= 12.0.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1 |
| CRITICAL | 9.0 | | | Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 p… | >= 12.6.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2 |
| HIGH | 8.8 | | | Improper Handling of Parameters in GitLab | >= 14.3.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1 |
| HIGH | 8.8 | | | Cross-Site Request Forgery (CSRF) in GitLab | >= 17.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1 |
| HIGH | 8.8 | | | Missing Authorization in GitLab | >= 17.1.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1 |
| HIGH | 8.8 | | | Privilege Defined With Unsafe Actions in GitLab | >= 16.6.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| HIGH | 8.8 | | | Server-Side Request Forgery (SSRF) in GitLab | >= 16.11.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 |
| HIGH | 8.8 | | | Business Logic Errors in GitLab | >= 17.3.0, < 18.0.1, >= 18.1.0 |
| HIGH | 8.8 | | | Incorrect Authorization in GitLab | >= 17.4.0, < 17.10.1 |
| HIGH | 8.8 | | | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab | >= 15.11.0, < 17.8.2 |
| HIGH | 8.8 | | | Cross-Site Request Forgery (CSRF) in GitLab | >= 10.6.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 |
| HIGH | 8.8 | | | Missing Authorization in GitLab | >= 8.12.0, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1 |
| HIGH | 8.8 | | | Incorrect Authorization in GitLab | >= 16.0.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2 |
| HIGH | 8.8 | | | Incorrect Authorization in GitLab | >= 11.6.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2 |
| HIGH | 8.8 | | | Missing Authentication for Critical Function in GitLab | >= 12.5.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2 |
| HIGH | 8.8 | | | Authentication Bypass by Spoofing in GitLab | >= 8.14.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 8.8 | | | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab | >= 16.11.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 8.8 | | | Privilege Context Switching Error in GitLab | >= 13.7.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 8.8 | | | Improper Access Control in GitLab | >= 15.8.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1 |
| HIGH | 8.8 | | | Authentication Bypass by Assumed-Immutable Data in GitLab | >= 7.8.0, < 16.9.6, >= 16.10.0, < 16.10.4, >= 16.11.0, < 16.11.1 |
| HIGH | 8.8 | | | An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could all… | >= 9.5.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| HIGH | 8.8 | | | Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relati… | >= 11.3.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| HIGH | 8.8 | | | OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | >= 12.3.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| HIGH | 8.8 | | | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. | >= 10.7.0, < 13.0.14, >= 13.1.0, < 13.1.8, >= 13.2.0, < 13.2.6 |
| HIGH | 8.8 | | | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | >= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 |
| HIGH | 8.8 | | | An issue has been discovered in GitLab affecting all versions starting from 11.2. | >= 11.2.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2 |
| HIGH | 8.8 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute… | >= 13.2.0, < 13.7.9, >= 13.8.0, < 13.8.6, >= 13.9.0, < 13.9.4 |
| HIGH | 8.8 | | | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. | >= 14.1.0, < 14.1.2 |
| HIGH | 8.8 | | | A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all v… | from 0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2 |
| HIGH | 8.8 | | | Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perfo… | >= 14.5.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1 |
| HIGH | 8.8 | | | Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets wit… | >= 10.0.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2 |
| HIGH | 8.8 | | | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions… | >= 1.0.2, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1 |
| HIGH | 8.8 | | | An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting… | >= 11.0.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1 |
| HIGH | 8.8 | | | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 p… | >= 14.0.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1 |
| HIGH | 8.8 | | | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 befor… | >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1 |
| HIGH | 8.8 | | | Improper User Management in GitLab | >= 16.0.0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2 |
| HIGH | 8.8 | | | Execution with Unnecessary Privileges in GitLab | >= 16.0.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1 |
| HIGH | 8.8 | | | Incorrect Authorization in GitLab | >= 8.13.0, < 16.5.6, >= 16.6.0, < 16.6.4, >= 16.7.0, < 16.7.2 |
| HIGH | 8.7 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 13.1.4, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 |
| HIGH | 8.7 | | | Authorization Bypass Through User-Controlled Key in GitLab | >= 15.5.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 |
| HIGH | 8.7 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 18.4.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 |
| HIGH | 8.7 | | | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab | >= 18.0.0, < 18.0.2 |
| HIGH | 8.7 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 16.6.0, < 17.11.1 |
| HIGH | 8.7 | | | URL Redirection to Untrusted Site ('Open Redirect') in GitLab | >= 16.1.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2 |
| HIGH | 8.7 | | | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | >= 12.4.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2 |
| HIGH | 8.7 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 16.9.0, < 16.9.1 |
| HIGH | 8.6 | | | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all v… | >= 10.5.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2 |
| HIGH | 8.5 | | | Exposed Dangerous Method or Function in GitLab | >= 16.9.6, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 |
| HIGH | 8.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versi… | from 0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2 |
| HIGH | 8.3 | | | A vulnerability was discovered in GitLab versions prior to 13.1. | from 0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2 |
| HIGH | 8.2 | | | Authorization Bypass Through User-Controlled Key in GitLab | >= 18.8.0, < 18.10.7, >= 18.11.0, < 18.11.4, >= 19.0.0, <= 19.0.0 |
| HIGH | 8.2 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 15.11.0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1 |
| HIGH | 8.2 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. | from 0, < 13.5.2 |
| HIGH | 8.1 | | | Business Logic Errors in GitLab | >= 16.0.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 |
| HIGH | 8.1 | | | Improper Resolution of Path Equivalence in GitLab | >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1 |
| HIGH | 8.1 | | | Cross-Site Request Forgery (CSRF) in GitLab | >= 17.0.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1 |
| HIGH | 8.1 | | | Authentication Bypass Using an Alternate Path or Channel in GitLab | >= 7.11.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1 |
| HIGH | 8.1 | | | Missing Authorization in GitLab | >= 17.6.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1 |
| HIGH | 8.1 | | | Cross-Site Request Forgery (CSRF) in GitLab | >= 16.1.0, < 16.11.5, >= 17.0.0, < 17.1.2 |
| HIGH | 8.1 | | | Server-Side Request Forgery (SSRF) in GitLab | >= 15.10.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2 |
| HIGH | 8.1 | | | External Control of Critical State Data in GitLab | >= 16.9.7, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 8.1 | | | Authorization Bypass Through User-Controlled Key in GitLab | >= 8.12.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2 |
| HIGH | 8.1 | | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab | >= 16.9.0, < 16.9.6, >= 16.10.0, < 16.10.4, >= 16.11.0, < 16.11.1 |
| HIGH | 8.1 | | | Privilege Chaining in GitLab | >= 16.8.0, < 16.8.4, >= 16.9.0, < 16.9.2 |
| HIGH | 8.1 | | | GitLab 12.5 through 12.8.1 has Insecure Permissions. | >= 12.5.0, < 12.8.2 |
| HIGH | 8.1 | | | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | >= 12.2.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| HIGH | 8.1 | | | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | >= 13.2.0, < 13.2.3 |
| HIGH | 8.1 | | | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | >= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 |
| HIGH | 8.1 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. | from 0, < 13.5.2 |
| HIGH | 8.1 | | | In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trig… | >= 8.15.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1 |
| HIGH | 8.1 | | | A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. | >= 10.5.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1 |
| HIGH | 8.1 | | | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versi… | from 0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1 |
| HIGH | 8.1 | | | A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.… | >= 1.0.0, < 15.6.7, >= 15.7.0, < 15.7.6, >= 15.8.0, < 15.8.1 |
| HIGH | 8.1 | | | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before… | >= 15.2.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1 |
| HIGH | 8.1 | | | Improper Certificate Validation in GitLab | >= 11.6.0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2 |
| HIGH | 8.1 | | | Dependency on Vulnerable Third-Party Component in GitLab | >= 9.5.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1 |
| HIGH | 8.0 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 15.11.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 |
| HIGH | 8.0 | | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | >= 17.11.0, < 18.0.1, >= 18.1.0 |
| HIGH | 8.0 | | | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab | >= 14.9.0, < 17.10.1 |
| HIGH | 8.0 | | | Incorrect Authorization in GitLab | >= 11.3.0, < 16.7.7, >= 16.8.0, < 16.8.4, >= 16.9.0, < 16.9.2 |
| HIGH | 8.0 | | | An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.… | >= 7.7.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2 |
| HIGH | 8.0 | | | An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions st… | >= 14.9.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2 |
| HIGH | 8.0 | | | An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. | >= 15.6.0, < 15.6.1 |
| HIGH | 8.0 | | | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions… | from 0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1 |
| HIGH | 7.7 | | | Improper Encoding or Escaping of Output in GitLab | >= 17.1.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 |
| HIGH | 7.7 | | | Incorrect Authorization in GitLab | >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 |
| HIGH | 7.7 | | | Insertion of Sensitive Information Into Sent Data in GitLab | >= 14.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| HIGH | 7.7 | | | Business Logic Errors in GitLab | >= 16.6.0, < 17.11.1 |
| HIGH | 7.7 | | | A vulnerability was discovered in GitLab versions prior to 13.1. | >= 8.5.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2 |
| HIGH | 7.7 | | | Insertion of Sensitive Information Into Sent Data in GitLab | >= 11.6.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1 |
| HIGH | 7.7 | | | Improper Enforcement of Behavioral Workflow in GitLab | >= 15.1.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1 |
| HIGH | 7.6 | | | The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintai… | from 0, < 13.5.2 |
| HIGH | 7.6 | | | A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to… | >= 7.9.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 12.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 9.0.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 |
| HIGH | 7.5 | | | Deserialization of Untrusted Data in GitLab | >= 11.9.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 18.5.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 18.5.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 12.10.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 13.0.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 18.5.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1 |
| HIGH | 7.5 | | | Missing Authentication for Critical Function in GitLab | >= 18.5.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1 |
| HIGH | 7.5 | | | Uncontrolled Recursion in GitLab | >= 18.9.0, < 18.9.2 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 16.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 10.0.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 18.9.0, < 18.9.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 14.4.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1 |
| HIGH | 7.5 | | | Inefficient Regular Expression Complexity in GitLab | >= 9.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 12.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 8.0.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 |
| HIGH | 7.5 | | | Interpretation Conflict in GitLab | >= 18.4.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 10.8.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 12.3.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 |
| HIGH | 7.5 | | | Incorrect Authorization in GitLab | >= 17.7.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 11.9.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 11.10.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 17.10.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 11.0.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 17.10.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 13.12.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 11.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 17.2.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | from 0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1 |
| HIGH | 7.5 | | | Improper Validation of Specified Quantity in Input in GitLab | >= 7.12.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 14.1.0, < 18.1.5, >= 18.2.0, < 18.2.5, >= 18.3.0, < 18.3.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 8.14.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2 |
| HIGH | 7.5 | | | Insertion of Sensitive Information into Log File in GitLab | >= 17.0.0, < 17.2.2 |
| HIGH | 7.5 | | | Inefficient Regular Expression Complexity in GitLab | >= 7.10.0, < 16.11.5, >= 17.0.0, < 17.1.2 |
| HIGH | 7.5 | | | Insufficient Granularity of Access Control in GitLab | >= 12.0.0, < 18.0.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 8.7.0, < 18.0.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 8.13.0, < 18.0.2 |
| HIGH | 7.5 | | | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab | >= 17.7.0, < 18.0.2 |
| HIGH | 7.5 | | | User Interface (UI) Misrepresentation of Critical Information in GitLab | >= 12.1.0, < 17.11.3, >= 18.0.0, < 18.0.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 11.6.0, < 17.11.3, >= 18.0.0, < 18.0.1 |
| HIGH | 7.5 | | | Insufficient Granularity of Access Control in GitLab | from 0, < 17.11.3, >= 18.0.0, < 18.0.1 |
| HIGH | 7.5 | | | Insufficient Granularity of Access Control in GitLab | >= 12.0.0, < 17.11.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 17.1.0, < 17.11.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 16.7.0, < 17.11.1 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | from 0, < 17.10.4 |
| HIGH | 7.5 | | | Generation of Error Message Containing Sensitive Information in GitLab | >= 17.1.0, < 17.10.4 |
| HIGH | 7.5 | | | Generation of Error Message Containing Sensitive Information in GitLab | >= 11.5.0, < 17.9.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 12.3.0, < 17.9.2 |
| HIGH | 7.5 | | | ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses | from 0, < 17.9.2 |
| HIGH | 7.5 | | | Execution with Unnecessary Privileges in GitLab | >= 16.4.0, < 17.5.0 |
| HIGH | 7.5 | | | Files or Directories Accessible to External Parties in GitLab | >= 15.7.0, < 17.8.2 |
| HIGH | 7.5 | | | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab | >= 8.3.0, < 17.8.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 15.11.0, < 16.6.7, >= 16.7.0, < 16.7.5, >= 16.8.0, < 16.8.2 |
| HIGH | 7.5 | | | Allocation of Resources Without Limits or Throttling in GitLab | >= 15.7.0, < 16.11.2 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 13.6.0, < 17.4.2 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 9.4.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2 |
| HIGH | 7.5 | | | Incorrect Authorization in GitLab | >= 16.9.8, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 13.2.4, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 15.6.0, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1 |
| HIGH | 7.5 | | | Inefficient Algorithmic Complexity in GitLab | >= 12.6.0, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1 |
| HIGH | 7.5 | | | Incorrect Ownership Assignment in GitLab | >= 16.3.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2 |
| HIGH | 7.5 | | | Missing Authorization in GitLab | >= 11.2.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 7.5 | | | Inefficient Regular Expression Complexity in GitLab | >= 16.4.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 |
| HIGH | 7.5 | | | Uncontrolled Resource Consumption in GitLab | >= 11.3.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2 |
| HIGH | 7.5 | | | Improper Encoding or Escaping of Output in GitLab | >= 8.16.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2 |
| HIGH | 7.5 | | | Improper Isolation or Compartmentalization in GitLab | >= 16.11.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1 |
| HIGH | 7.5 | | | Inefficient Regular Expression Complexity in GitLab | >= 12.5.0, < 16.9.6, >= 16.10.0, < 16.10.4, >= 16.11.0, < 16.11.1 |
| HIGH | 7.5 | | | GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. | >= 12.4.2, < 12.8.2 |
| HIGH | 7.5 | | | GitLab before 12.8.2 allows Information Disclosure. | from 0, < 12.8.2 |
| HIGH | 7.5 | | | GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other, | >= 8.11.0, < 12.8.2 |
| HIGH | 7.5 | | | In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | >= 11.7.0, < 12.9.1 |
| HIGH | 7.5 | | | GitLab through 12.9 is affected by a potential DoS in repository archive download. | from 0, < 12.9.1 |
| HIGH | 7.5 | | | GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | >= 8.17.0, < 12.9.1 |
| HIGH | 7.5 | | | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before… | from 0, < 12.7.9, >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3 |
| HIGH | 7.5 | | | An issue was discovered in GitLab 10.7.0 and later through 12.9.2. | >= 10.7.0, < 12.7.9, >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3 |
| HIGH | 7.5 | | | A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | >= 12.0.0, < 12.9.8, >= 12.10.0, < 12.10.7 |
| HIGH | 7.5 | | | A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous Git… | from 0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 |
| HIGH | 7.5 | | | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | >= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 |
| HIGH | 7.5 | | | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | >= 11.4.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 |
| HIGH | 7.5 | | | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the c… | >= 8.6.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2 |
| HIGH | 7.5 | | | An issue was discovered in GitLab EE 11.3 and later. | >= 11.3.0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.2, < 12.7.4 |
| HIGH | 7.5 | | | GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | >= 11.11.0, < 12.5.9, >= 12.6.0, < 12.6.6 |
| HIGH | 7.5 | | | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | from 0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.0, < 12.7.4 |
| HIGH | 7.5 | | | GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | >= 8.0.0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2 |
| HIGH | 7.5 | | | GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | >= 12.0.0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.0, < 12.7.4 |
| HIGH | 7.5 | | | GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2 |
| HIGH | 7.5 | | | In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | >= 12.5.0, < 12.7.6 |
| HIGH | 7.5 | | | An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | >= 13.7.0, < 13.7.2 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab affecting all versions starting from 12.1. | >= 12.1.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2 |
| HIGH | 7.5 | | | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content | >= 11.6.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. | >= 12.6.0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. | >= 13.8.0, < 13.9.7, >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.12 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. | >= 12.8.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2 |
| HIGH | 7.5 | | | A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | >= 9.1.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1 |
| HIGH | 7.5 | | | In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting… | >= 0.8.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. | >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7… | >= 14.6.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2 |
| HIGH | 7.5 | | | Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables… | >= 10.0.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2 |
| HIGH | 7.5 | | | A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, al… | >= 13.7.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2 |
| HIGH | 7.5 | | | Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and… | >= 1.0.2, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9… | >= 13.9.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1 |
| HIGH | 7.5 | | | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to… | >= 13.7.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1 |
| HIGH | 7.5 | | | An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 1… | >= 12.8.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1 |
| HIGH | 7.5 | | | An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.… | >= 12.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1 |
| HIGH | 7.5 | | | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 1… | from 0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versi… | from 0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2 |
| HIGH | 7.5 | | | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 b… | from 0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1 |
| HIGH | 7.5 | | | Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1… | >= 12.0.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versi… | from 0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2 |
| HIGH | 7.5 | | | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.… | >= 10.8.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2 |
| HIGH | 7.5 | | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 befor… | |
>= 14.3.0, < 15.6.7, >= 15.7.0, < 15.7.6, >= 15.8.0, < 15.8.1
HIGH7.5Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.…
>= 13.11.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
HIGH7.5In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
>= 1.0.0, < 12.9.8, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
HIGH7.5Allocation of Resources Without Limits or Throttling in GitLab
>= 13.2.4, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
HIGH7.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 befor…
>= 14.0.0, < 15.6.7, >= 15.7.0, < 15.7.6, >= 15.8.0, < 15.8.1
HIGH7.5Inefficient Regular Expression Complexity in GitLab
>= 15.2.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
HIGH7.5A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9…
>= 11.10.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
HIGH7.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 bef…
>= 15.4.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
HIGH7.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 befo…
>= 8.7.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
HIGH7.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 bef…
>= 12.0.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
HIGH7.5An issue has been discovered in GitLab CE/EE affecting only version 16.0.0.
>= 16.0.0, < 16.0.1
HIGH7.5Inefficient Regular Expression Complexity in GitLab
>= 8.14.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
HIGH7.5Insertion of Sensitive Information Into Sent Data in GitLab
>= 16.2.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
HIGH7.5Inefficient Regular Expression Complexity in GitLab
>= 10.3.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
HIGH7.5Improper Validation of Specified Type of Input in GitLab
>= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
HIGH7.5Improper Validation of Specified Type of Input in GitLab
from 0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2
HIGH7.5Improper Validation of Specified Type of Input in GitLab
from 0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
HIGH7.5Insertion of Sensitive Information into Log File in GitLab
>= 14.3.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
HIGH7.5Inefficient Regular Expression Complexity in GitLab
>= 9.3.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
HIGH7.5Allocation of Resources Without Limits or Throttling in GitLab
>= 15.11.0, < 16.2.2
HIGH7.5Incorrect Authorization in GitLab
>= 15.3.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
HIGH7.5Allocation of Resources Without Limits or Throttling in GitLab
>= 15.2.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
HIGH7.5Incorrect Authorization in GitLab
>= 13.12.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
HIGH7.5Improper Control of Generation of Code ('Code Injection') in GitLab
from 0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
HIGH7.5Incorrect Authorization in GitLab
>= 16.2.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
HIGH7.4Unchecked Return Value in GitLab
>= 18.6.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2
HIGH7.4Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
>= 17.2.0, < 17.9.2
HIGH7.4An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.…
>= 12.10.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
HIGH7.3A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4.
>= 12.6.0, < 13.0.12, >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
HIGH7.3A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allow…
>= 15.0.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
HIGH7.3Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attack…
>= 12.7.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
HIGH7.3An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 1…
>= 15.1.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
HIGH7.2Missing Authorization in GitLab
>= 16.6.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1
HIGH7.2Privilege Defined With Unsafe Actions in GitLab
>= 16.6.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
HIGH7.2In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page
>= 8.4.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
HIGH7.2A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 7.11.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
HIGH7.2A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
HIGH7.2A vulnerability was discovered in GitLab versions after 12.9.
>= 12.9.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
HIGH7.2Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for th…
>= 13.6.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
HIGH7.2Improper code rendering while rendering merge requests could be exploited to submit malicious code.
>= 9.3.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
HIGH7.2Incorrect Execution-Assigned Permissions in GitLab
>= 16.1.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
HIGH7.1In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
>= 1.0.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
HIGH7.1A vulnerability was discovered in GitLab versions prior 13.1.
>= 12.9.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
HIGH7.1Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbi…
from 0, < 13.5.2
HIGH7.1An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 befor…
>= 11.0.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
HIGH7.1When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 pri…
>= 11.3.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
HIGH7.1URL Redirection to Untrusted Site ('Open Redirect') in GitLab
>= 16.2.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM6.8Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 13.1.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
MEDIUM6.8Improper Validation of Consistency within Input in GitLab
>= 11.1.0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM6.8Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 17.3.0, < 17.11.2
MEDIUM6.8Improper Restriction of Rendered UI Layers or Frames in GitLab
>= 16.3.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM6.8An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
from 0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.1
MEDIUM6.7Privilege Context Switching Error in GitLab
>= 13.7.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM6.7Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 1…
from 0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM6.7Incorrect Privilege Assignment in GitLab
>= 16.5.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM6.7Missing Authorization in GitLab
>= 16.4.0, < 16.6.7, >= 16.7.0, < 16.7.5, >= 16.8.0, < 16.8.2
MEDIUM6.6Execution with Unnecessary Privileges in GitLab
>= 17.1.0, < 17.6.0
MEDIUM6.5Server-Side Request Forgery (SSRF) in GitLab
>= 18.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 17.1.0, < 18.10.7, >= 18.11.0, < 18.11.4 | >= 19.0.0, <= 19.0.0
MEDIUM6.5Cross-Site Request Forgery (CSRF) in GitLab
>= 11.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM6.5Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 18.9.1, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 8.3.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 12.3.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 9.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 12.4.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 10.6.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM6.5Improper Validation of Specified Quantity in Input in GitLab
>= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 13.7.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM6.5Improper Validation of Specified Quantity in Input in GitLab
>= 16.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM6.5Use of Incorrectly-Resolved Name or Reference in GitLab
>= 1.0.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 16.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 9.3.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 11.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 9.0.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1
MEDIUM6.5Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
>= 17.1.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2
MEDIUM6.5Missing Authorization in GitLab
>= 18.5.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 8.3.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 11.10.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 6.3.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 8.3.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1
MEDIUM6.5Authentication Bypass by Spoofing in GitLab
>= 18.3.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1
MEDIUM6.5Missing Authorization in GitLab
>= 13.7.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2
MEDIUM6.5Insertion of Sensitive Information Into Sent Data in GitLab
>= 16.7.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM6.5Memory Allocation with Excessive Size Value in GitLab
>= 16.9.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM6.5Business Logic Errors in GitLab
>= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 11.7.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1
MEDIUM6.5Incorrect Authorization in GitLab
>= 10.6.0, < 18.3.5, >= 18.4.0, < 18.4.3, >= 18.5.0, < 18.5.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 5.2.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2
MEDIUM6.5Incorrect Ownership Assignment in GitLab
>= 17.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 18.1.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 7.8.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 15.0.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2
MEDIUM6.5Improper Validation of Specified Quantity in Input in GitLab
>= 10.7.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 8.15.0, < 18.1.5, >= 18.2.0, < 18.2.5, >= 18.3.0, < 18.3.1
MEDIUM6.5Authorization Bypass Through User-Controlled Key in GitLab
>= 18.0.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 13.2.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 11.6.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM6.5Incorrect Authorization in GitLab
>= 15.6.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM6.5Improper Control of Generation of Code ('Code Injection') in GitLab
>= 17.8.0, < 17.8.6, >= 17.9.0, < 17.9.3, >= 17.10.0, < 18.2.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 10.7.0, < 18.0.1, >= 18.1.0
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 2.10.0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 10.2.0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
from 0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
from 0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM6.5Improper Restriction of Rendered UI Layers or Frames in GitLab
>= 7.7.0, < 17.10.4
MEDIUM6.5Insufficient Granularity of Access Control in GitLab
>= 16.0.0, < 17.10.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
from 0, < 17.9.2
MEDIUM6.5Incorrect Authorization in GitLab
>= 16.9.0, < 17.9.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 14.1.0, < 17.8.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 7.14.1, < 17.5.2
MEDIUM6.5Missing Authorization in GitLab
>= 14.0.0, < 16.11.2
MEDIUM6.5Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab
>= 17.4.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1
MEDIUM6.5Improper Restriction of Rendered UI Layers or Frames in GitLab
>= 17.2.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 11.2.0, < 17.3.6, >= 17.4.0, < 17.4.3, >= 17.5.0, < 17.5.1
MEDIUM6.5Incorrect Authorization in GitLab
>= 8.16.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2
MEDIUM6.5Generation of Error Message Containing Sensitive Information in GitLab
>= 15.10.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM6.5Improper Protection of Alternate Path in GitLab
>= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM6.5Server-Side Request Forgery (SSRF) in GitLab
>= 16.8.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM6.5Incorrect Provision of Specified Functionality in GitLab
>= 8.2.0, < 17.1.6, >= 17.2.0, < 17.2.4, >= 17.3.0, < 17.3.1
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
from 0, < 17.1.6, >= 17.2.0, < 17.2.4, >= 17.3.0, < 17.3.1
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 11.10.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Improper Control of Generation of Code ('Code Injection') in GitLab
from 0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 12.6.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 1.0.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 13.9.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 15.9.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 15.4.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 9.2.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM6.5Improper Authorization in GitLab
>= 16.7.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 1.0.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 13.1.0, < 16.10.7, >= 16.11.0, < 16.11.4, >= 17.0.0, < 17.0.2
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 15.8.0, < 16.10.7, >= 16.11.0, < 16.11.4, >= 17.0.0, < 17.0.2
MEDIUM6.5Uncontrolled Resource Consumption in GitLab
>= 8.4.0, < 16.10.7, >= 16.11.0, < 16.11.4, >= 17.0.0, < 17.0.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
from 0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM6.5Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
>= 13.2.4, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
from 0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 16.9.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 16.11.0, < 16.11.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 15.11.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
from 0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 15.4.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM6.5Cross-Site Request Forgery (CSRF) in GitLab
>= 16.7.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 16.7.7, < 16.8.6, >= 16.9.0, < 16.9.4, >= 16.10.0, < 16.10.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
from 0, < 16.8.6, >= 16.9.0, < 16.9.4, >= 16.10.0, < 16.10.2
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
from 0, < 16.8.5, >= 16.9.0, < 16.9.3, >= 16.10.0, < 16.10.1
MEDIUM6.5GitLab before 12.8.2 has Incorrect Access Control.
from 0, < 12.8.2
MEDIUM6.5GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
>= 8.11.0, < 12.9.2
MEDIUM6.5GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content a…
>= 11.1.0, < 12.9.1
MEDIUM6.5An issue was discovered in GitLab CE and EE 8.15 through 12.9.2.
>= 8.15.0, < 12.7.9, >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3
MEDIUM6.5An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
>= 10.6.0, < 12.9.10, >= 12.10.0, < 12.10.11, >= 13.0.0, < 13.0.6
MEDIUM6.5For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
from 0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM6.5For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
>= 8.9.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM6.5A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 11.3.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM6.5A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM6.5A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1.
>= 1.0.0, < 13.1.3, >= 13.2.0, < 13.2.3, >= 13.3.0, < 13.3.1
MEDIUM6.5An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project s…
>= 12.8.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM6.5A vulnerability was discovered in GitLab versions prior to 13.1.
>= 9.4.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM6.5An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13.
>= 12.6.2, < 12.10.13
MEDIUM6.5An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview.
>= 12.10.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM6.5Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to…
>= 11.2.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM6.5Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for sch…
from 0, < 13.5.2
MEDIUM6.5A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled…
from 0, < 13.6.2
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 12.4.
>= 12.4.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2
MEDIUM6.5A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
>= 12.8.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2
MEDIUM6.5Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if t…
>= 11.5.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2
MEDIUM6.5A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relat…
>= 11.8.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM6.5A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
>= 13.7.0, < 13.7.8, >= 13.8.0, < 13.8.5, >= 13.9.0, < 13.9.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9.
>= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM6.5A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access to…
>= 7.10.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM6.5A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontroll…
from 0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM6.5A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontroll…
from 0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 befor…
>= 12.9.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM6.5A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed…
>= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.5Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since vers…
>= 13.9.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.5An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all vers…
from 0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.5Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vuln…
>= 13.1.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM6.5A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6.
>= 2.0.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.5A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI varia…
>= 13.7.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM6.5A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.
>= 12.6.0, < 14.1.7
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1…
>= 13.0.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1…
>= 13.8.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM6.5In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
>= 8.9.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM6.5In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still ac…
>= 14.1.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM6.5In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a…
>= 13.0.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 befor…
>= 12.9.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 befo…
>= 12.10.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, al…
>= 8.15.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions s…
>= 13.7.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 befor…
>= 13.2.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4…
>= 12.0.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
from 0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.1
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 1…
>= 13.10.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3.
>= 13.2.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versi…
>= 13.2.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM6.5Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.…
from 0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM6.5Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, a…
>= 11.5.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM6.5A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 a…
>= 10.0.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM6.5Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 1…
>= 8.12.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM6.5Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all v…
>= 12.0.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
MEDIUM6.5Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all v…
>= 12.0.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
MEDIUM6.5Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows…
>= 12.0.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM6.5A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting…
>= 10.0.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 befor…
>= 15.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM6.5A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 p…
>= 12.9.8, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 befor…
>= 12.9.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM6.5An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versi…
>= 14.4.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM6.5An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 1…
from 0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM6.5Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4…
>= 14.9.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM6.5A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allo…
>= 12.4.0, < 15.6.7, >= 15.7.0, < 15.7.6, >= 15.8.0, < 15.8.1
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.
>= 15.4.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.…
>= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM6.5An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before…
>= 12.0.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM6.5An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before…
>= 14.2.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM6.5An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3.
from 0, < 15.9.8, >= 15.10.0, < 15.10.7, >= 15.11.0, < 15.11.3
MEDIUM6.5Authorization Bypass Through User-Controlled Key in GitLab
>= 13.10.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM6.5An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira…
>= 15.10.0, < 16.1.0
MEDIUM6.5An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 befo…
>= 15.4.0, < 15.9.7, >= 15.10.0, < 15.10.6, >= 15.11.0, < 15.11.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 15.11.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 15.11.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM6.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
>= 8.10.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM6.5Improper Control of Generation of Code ('Code Injection') in GitLab
from 0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM6.5Incorrect Authorization in GitLab
>= 15.3.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM6.5Incorrect Authorization in GitLab
>= 12.8.0, < 15.11.11, >= 16.0.0, < 16.0.7, >= 16.1.0, < 16.1.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 12.3.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM6.5Incorrect User Management in GitLab
>= 13.12.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM6.5Insertion of Sensitive Information Into Sent Data in GitLab
>= 14.1.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM6.5Missing Authorization in GitLab
>= 14.7.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 10.5.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM6.5Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
>= 16.2.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM6.5Improper Control of Generation of Code ('Code Injection') in GitLab
from 0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 12.7.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1
MEDIUM6.5Incorrect Authorization in GitLab
>= 16.4.3, < 16.4.4, >= 16.5.3, < 16.5.4, >= 16.6.1, < 16.6.2
MEDIUM6.5Inefficient Regular Expression Complexity in GitLab
>= 11.3.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab
>= 13.3.3, < 16.6.7, >= 16.7.0, < 16.7.5, >= 16.8.0, < 16.8.2
MEDIUM6.5Privilege Chaining in GitLab
>= 16.8.0, < 16.8.2
MEDIUM6.5apollo_upload_server has Denial of Service vulnerability
>= 11.9.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM6.4Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
>= 18.4.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1
MEDIUM6.4URL Redirection to Untrusted Site ('Open Redirect') in GitLab
>= 11.8.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM6.4Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
>= 17.1.0, < 17.1.6, >= 17.2.0, < 17.2.4, >= 17.3.0, < 17.3.1
MEDIUM6.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 be…
>= 13.11.0, < 13.11.7, >= 13.12.0, < 13.12.8, >= 14.0.0, < 14.0.4
MEDIUM6.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 befor…
>= 12.6.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM6.4An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.…
>= 9.3.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.1.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.6.0, < 17.11.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.9.0, < 18.0.2
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 17.9.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.6.0, < 17.9.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 13.3.0, < 17.8.2
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
>= 15.11.0, < 17.3.0
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.2.0, < 17.6.4, >= 17.7.0, < 17.7.3, >= 17.8.0, < 17.8.1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.0.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2
MEDIUM6.1URL Redirection to Untrusted Site ('Open Redirect') in GitLab
>= 11.1.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM6.1URL Redirection to Untrusted Site ('Open Redirect') in GitLab
>= 12.9.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM6.1Cross-Site Request Forgery (CSRF) in GitLab
>= 13.11.0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM6.1GitLab 12.5 through 12.8.1 allows HTML Injection.
>= 12.5.0, < 12.8.2
MEDIUM6.1GitLab 12.1 through 12.8.1 allows XSS.
>= 12.1.0, < 12.8.2
MEDIUM6.1GitLab 12.1 through 12.8.1 allows XSS.
>= 12.1.0, < 12.8.2
MEDIUM6.1GitLab 9.3 through 12.8.1 allows XSS.
>= 9.3.0, < 12.8.2
MEDIUM6.1GitLab 12.1 through 12.8.1 allows XSS.
>= 12.1.0, < 12.8.2
MEDIUM6.1Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload…
>= 12.9.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM6.1A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and…
>= 12.8.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM6.1A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE…
>= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM6.1A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/E…
from 0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM6.1GitLab EE 11.0 and later through 12.7.2 allows XSS.
>= 11.0.0, < 12.5.9, >= 12.6.0, < 12.6.6 | >= 12.7.0, <= 12.7.2
MEDIUM6.1GitLab through 12.7.2 allows XSS.
from 0, < 12.5.9, >= 12.6.0, < 12.6.6, >= 12.7.0, < 12.7.3
MEDIUM6.1Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT…
>= 11.9.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.1A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious l…
>= 12.9.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM6.1Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the vi…
>= 13.5.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM6.1An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14…
>= 14.0.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM6.1An issue has been discovered affecting GitLab versions prior to 13.5.
>= 13.5.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM6.1Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versi…
>= 14.4.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM6.1An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9…
>= 14.4.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM6.1An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 1…
>= 11.1.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM6.1An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an…
>= 10.1.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM6.1An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2.
>= 10.0.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM6.1An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.…
>= 9.4.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM6.1An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9…
>= 12.8.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM6.1A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, an…
>= 13.5.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM6.1An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.…
>= 15.3.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM6.1An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prio…
>= 11.4.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM6.1An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.…
>= 15.6.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM6.1URL Redirection to Untrusted Site in GitLab
>= 4.1.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM6.1An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 bef…
>= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 10.0.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM5.9Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
from 0, < 18.0.2
MEDIUM5.8Unintended Proxy or Intermediary ('Confused Deputy') in GitLab
>= 13.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM5.8A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM5.7Improper Control of Generation of Code ('Code Injection') in GitLab
>= 18.0.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM5.7Improper Neutralization of Input Used for LLM Prompting in GitLab
>= 16.0.0, < 17.8.2
MEDIUM5.7An issue has been discovered in GitLab EE affecting all versions starting from 10.2.
>= 10.2.0, < 13.3.9, >= 13.4.0, < 13.4.5, >= 13.5.0, < 13.5.2
MEDIUM5.7An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15.
>= 8.15.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2
MEDIUM5.7Improper Ownership Management in GitLab
from 0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM5.7An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5…
>= 8.6.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM5.7Improper Control of Generation of Code ('Code Injection') in GitLab
>= 16.3.0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2
MEDIUM5.5Incorrect Privilege Assignment in GitLab
>= 17.7.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM5.5Allocation of Resources Without Limits or Throttling in GitLab
>= 12.10.0, < 17.10.1
MEDIUM5.5Insertion of Sensitive Information into Log File in GitLab
>= 16.5.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM5.5Uncontrolled Resource Consumption in GitLab
>= 12.0.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM5.5GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
>= 8.5.0, < 12.9.1
MEDIUM5.5A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects.
from 0, < 13.5.2
MEDIUM5.5An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive informa…
>= 12.8.0, < 13.6.6, >= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
MEDIUM5.5A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with…
>= 12.2.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.5An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.…
>= 9.3.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.11.0, < 18.11.3
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM5.4Improper Control of Generation of Code ('Code Injection') in GitLab
>= 15.11.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.4.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM5.4Insufficient Session Expiration in GitLab
>= 18.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM5.4Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
>= 15.4.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.7.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 10.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM5.4Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
>= 18.6.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 13.9.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.1.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.2.2, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
MEDIUM5.4Insufficient Granularity of Access Control in GitLab
>= 15.4.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.2.0, < 18.2.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 14.2.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.7.0, < 17.10.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 13.5.0, < 17.10.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.6.0, < 17.9.1
MEDIUM5.4Incomplete Comparison with Missing Factors in GitLab
from 0, < 17.1.2
MEDIUM5.4Incorrect User Management in GitLab
>= 16.4.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.3.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM5.4Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
>= 15.2.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.3.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 17.3.6, >= 17.4.0, < 17.4.3, >= 17.5.0, < 17.5.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 17.1.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 5.1.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM5.4Authentication Bypass by Primary Weakness in GitLab
>= 16.7.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.6.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.9.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.7.0, < 16.8.6, >= 16.9.0, < 16.9.4, >= 16.10.0, < 16.10.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 16.9.0, < 16.9.4, >= 16.10.0, < 16.10.2
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
from 0, < 16.8.5, >= 16.9.0, < 16.9.3, >= 16.10.0, < 16.10.1
MEDIUM5.4For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
>= 10.8.0, < 10.8.1
MEDIUM5.4For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
>= 12.9.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM5.4A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 8.7.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM5.4In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
>= 7.7.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM5.4A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM5.4An issue has been discovered in GitLab affecting versions prior to 12.10.13.
>= 11.2.0, < 12.10.13
MEDIUM5.4An issue has been discovered in GitLab affecting versions prior to 12.10.13.
from 0, < 12.10.13
MEDIUM5.4An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2.
>= 8.10.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting from 10.8.
>= 10.8.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM5.4An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to p…
from 0, < 13.6.2
MEDIUM5.4A vulnerability was discovered in GitLab versions before 12.2.
>= 12.2.0, < 13.6.6, >= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting with 13.7.
>= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting with 11.8.
>= 11.8.0, < 13.6.6, >= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
MEDIUM5.4Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerab…
>= 13.8.0, < 13.8.5, >= 13.9.0, < 13.9.2
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4.
>= 13.4.0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting with 12.9.
>= 12.9.0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting with 13.10.
>= 13.10.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM5.4Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vuln…
>= 13.11.3, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM5.4HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
>= 9.5.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting with 13.3.
>= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0.
>= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site s…
>= 11.4.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that adminis…
>= 13.3.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger dep…
>= 13.4.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track t…
>= 12.6.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.4A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, al…
>= 13.7.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM5.4A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
>= 13.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.4A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to ex…
>= 13.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.4A Stored XSS in merge request creation page in all versions of GitLab EE starting from 13.7 before 14.1.7, all versions starting from 14.2…
>= 13.7.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.4A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to ex…
>= 8.4.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.4In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers…
>= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.4Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to ex…
>= 14.3.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM5.4Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an att…
>= 8.3.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM5.4Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versi…
>= 1.0.2, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM5.4A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior…
>= 13.11.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1.
>= 15.0.0, < 15.0.1
MEDIUM5.4Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, an…
>= 14.5.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.4A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior…
from 0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM5.4A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions star…
>= 15.2.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3…
>= 10.0.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM5.4A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 pri…
from 0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 befor…
>= 12.1.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 befor…
>= 15.4.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8…
>= 15.5.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM5.4An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8…
>= 13.7.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1.
>= 15.7.0, < 15.10.1
MEDIUM5.4A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting fr…
>= 5.1.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.9.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM5.4Improper Encoding or Escaping of Output in GitLab
>= 7.14.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM5.4An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 bef…
>= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM5.4Incorrect Authorization in GitLab
from 0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM5.4Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
>= 13.7.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1
MEDIUM5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 15.10.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM5.3Incorrect Authorization in GitLab
>= 18.2.0, < 18.10.7, >= 18.11.0, < 18.11.4 | >= 19.0.0, <= 19.0.0
MEDIUM5.3Missing Authorization in GitLab
>= 18.6.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
MEDIUM5.3Insertion of Sensitive Information into Log File in GitLab
>= 13.2.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1
MEDIUM5.3Incorrect Authorization in GitLab
>= 18.1.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM5.3Business Logic Errors in GitLab
>= 17.4.0, < 18.2.7, >= 18.3.0, < 18.3.3, >= 18.4.0, < 18.4.1
MEDIUM5.3Missing Authorization in GitLab
from 0, < 18.1.5, >= 18.2.0, < 18.2.5, >= 18.3.0, < 18.3.1
MEDIUM5.3Exposure of Sensitive Information Due to Incompatible Policies in GitLab
>= 17.0.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
MEDIUM5.3Missing Authentication for Critical Function in GitLab
>= 17.2.0, < 18.0.1, >= 18.1.0
MEDIUM5.3Debug Messages Revealing Unnecessary Information in GitLab
>= 17.9.0, < 17.10.4
MEDIUM5.3Insufficient Granularity of Access Control in GitLab
>= 13.12.0, < 17.10.4
MEDIUM5.3Authorization Bypass Through User-Controlled Key in GitLab
>= 16.2.0, < 17.9.1
MEDIUM5.3Insufficient Session Expiration in GitLab
>= 16.11.0, < 17.8.2
MEDIUM5.3Missing Authorization in GitLab
>= 15.2.0, < 16.11.2
MEDIUM5.3Insufficient Granularity of Access Control in GitLab
>= 17.0.0, < 17.6.4, >= 17.7.0, < 17.7.3, >= 17.8.0, < 17.8.1
MEDIUM5.3Incorrect Authorization in GitLab
>= 16.9.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM5.3Incorrect Authorization in GitLab
>= 15.0.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM5.3Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
>= 17.3.0, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2
MEDIUM5.3Insufficient Session Expiration in GitLab
>= 16.11.0, < 17.4.5, >= 17.5.0, < 17.5.3, >= 17.6.0, < 17.6.1
MEDIUM5.3Inclusion of Sensitive Information in Source Code in GitLab
>= 16.6.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2
MEDIUM5.3Uncontrolled Search Path Element in GitLab
>= 11.8.0, < 16.11.6, >= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2
MEDIUM5.3Improper Access Control in GitLab
>= 16.9.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM5.3Missing Authorization in GitLab
>= 11.11.0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM5.3Authentication Bypass by Spoofing in GitLab
from 0, < 16.9.6, >= 16.10.0, < 16.10.4, >= 16.11.0, < 16.11.1
MEDIUM5.3GitLab 7.10 through 12.8.1 has Incorrect Access Control.
>= 7.10.0, < 12.8.2
MEDIUM5.3GitLab 8.3 through 12.8.1 allows Information Disclosure.
>= 8.3.0, < 12.8.2
MEDIUM5.3GitLab 12.2 through 12.8.1 allows Denial of Service.
>= 12.2.0, < 12.8.2
MEDIUM5.3GitLab EE 11.6 through 12.8.1 allows Information Disclosure.
>= 11.6.0, < 12.8.2
MEDIUM5.3GitLab 12.3.5 through 12.8.1 allows Information Disclosure.
>= 12.3.5, < 12.8.2
MEDIUM5.3GitLab 10.4 through 12.8.1 allows Directory Traversal.
>= 10.4.0, < 12.8.2
MEDIUM5.3GitLab 11.7 through 12.8.1 allows Information Disclosure.
>= 11.7.0, < 12.8.2
MEDIUM5.3GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace…
>= 12.8.0, < 12.8.6
MEDIUM5.3GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI an…
>= 8.11.0, < 12.9.1
MEDIUM5.3GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
>= 12.6.0, < 12.7.8, >= 12.8.0, < 12.8.8, >= 12.9.0, < 12.9.1
MEDIUM5.3GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
>= 10.8.0, < 12.7.8, >= 12.8.0, < 12.8.8, >= 12.9.0, < 12.9.1
MEDIUM5.3GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
>= 12.8.0, < 12.8.10
MEDIUM5.3Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster…
>= 10.3.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM5.3User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.
>= 12.5.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM5.3A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their con…
>= 12.8.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM5.3A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 7.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM5.3Private group info is leaked in GitLab CE/EE version 10.2 and above when the project is moved from a private to a public group.
from 0, < 13.5.2
MEDIUM5.3GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
>= 11.3.0, < 13.1.3
MEDIUM5.3Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3.
>= 13.3.0, < 13.3.9, >= 13.4.0, < 13.4.5, >= 13.5.0, < 13.5.2
MEDIUM5.3A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to < 13.4.7, >= 13.5 to < 13.5.5, and >= 13.6 to < 13.6.2 tha…
>= 12.2.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2.
>= 13.4.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM5.3Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership.
>= 13.1.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM5.3An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1.
>= 8.9.0, < 12.6.2
MEDIUM5.3GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
>= 10.1.0, < 12.5.9, >= 12.6.0, < 12.6.6 | >= 12.7.0, <= 12.7.2
MEDIUM5.3GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
>= 12.4.0, < 12.5.9, >= 12.6.0, < 12.6.6 | >= 12.7.0, <= 12.7.2
MEDIUM5.3GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
>= 8.8.0, < 12.5.9, >= 12.6.0, < 12.6.6 | >= 12.7.0, <= 12.7.2
MEDIUM5.3GitLab EE 8.9 and later through 12.7.2 has Insecure Permissions.
>= 8.9.0, < 12.5.9, >= 12.6.0, < 12.6.6 | >= 12.7.0, <= 12.7.2
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting with 13.0.
>= 13.0.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2.
>= 13.2.0, < 13.9.7, >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2
MEDIUM5.3Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pip…
>= 13.12.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1…
>= 14.0.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM5.3In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visi…
>= 13.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.3In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
>= 1.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.3Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent gr…
>= 12.9.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM5.3In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the p…
>= 10.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM5.3A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7.
>= 13.7.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM5.3Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all v…
>= 11.3.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM5.3A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7.
>= 13.7.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM5.3Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting f…
>= 13.0.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM5.3An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project mem…
>= 12.0.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2.
>= 13.0.0, < 14.6.5, >= 14.7.0, < 14.7.4, >= 14.8.0, < 14.8.2
MEDIUM5.3A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior…
from 0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 befor…
>= 12.1.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM5.3Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14…
>= 11.0.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.…
>= 12.10.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM5.3A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0…
>= 1.0.2, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 befo…
>= 13.4.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.…
>= 8.13.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.…
>= 12.4.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.3An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prio…
>= 12.5.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM5.3An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 1…
>= 12.5.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before…
>= 9.3.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prio…
>= 14.6.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM5.3An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 1…
>= 13.9.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM5.3Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 a…
>= 14.2.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM5.3An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to…
>= 11.3.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before…
>= 6.6.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM5.3An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 1…
>= 12.6.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM5.3An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4,…
from 0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 befor…
>= 10.0.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM5.3An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 befor…
>= 10.8.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 bef…
>= 15.7.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM5.3A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to…
>= 11.3.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM5.3An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 wh…
>= 13.7.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8…
>= 15.5.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9…
>= 13.6.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.…
>= 9.0.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM5.3Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all ve…
>= 12.3.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM5.3A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10…
>= 15.0.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM5.3An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.…
>= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM5.3Improper Verification of Cryptographic Signature in GitLab
>= 12.2.0, < 16.5.6, >= 16.6.0, < 16.6.4, >= 16.7.0, < 16.7.2
MEDIUM5.3An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before…
>= 12.0.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM5.3Insertion of Sensitive Information Into Sent Data in GitLab
>= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM5.3Generation of Error Message Containing Sensitive Information in GitLab
>= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM5.3Incorrect User Management in GitLab
from 0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM5.3Insertion of Sensitive Information Into Sent Data in GitLab
>= 11.3.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM5.3Direct Request ('Forced Browsing') in GitLab
>= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM5.3Improper Validation of Specified Type of Input in GitLab
from 0, < 16.2.0
MEDIUM5.3Incorrect Authorization in GitLab
>= 15.3.0, < 16.5.6, >= 16.6.0, < 16.6.4, >= 16.7.0, < 16.7.2
MEDIUM5.3Missing Authorization in GitLab
from 0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1
MEDIUM5.3Insertion of Sensitive Information Into Sent Data in GitLab
>= 16.0.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM5.3Missing Authorization in GitLab
from 0, < 16.5.6, >= 16.6.0, < 16.6.4, >= 16.7.0, < 16.7.2
MEDIUM5.3Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 16.1.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM5.3libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
from 0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM5.0Improper Neutralization of CRLF Sequences ('CRLF Injection') in GitLab
>= 8.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM5.0Improper Control of Generation of Code ('Code Injection') in GitLab
from 0, < 18.1.5, >= 18.2.0, < 18.2.5, >= 18.3.0, < 18.3.1
MEDIUM5.0Incorrect Permission Assignment for Critical Resource in GitLab
>= 15.7.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM5.0An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request hea…
>= 2.0.0, < 3.0.55
MEDIUM5.0Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 15.6.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
MEDIUM5.0An issue has been discovered in GitLab affecting all versions starting from 13.2.
>= 13.2.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM4.9Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 16.11.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
MEDIUM4.9Improper Access Control in GitLab
>= 16.10.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM4.9A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4.
>= 12.6.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM4.9An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.
>= 13.1.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM4.9An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restri…
>= 9.4.0, < 13.7.8, >= 13.8.0, < 13.8.5, >= 13.9.0, < 13.9.2
MEDIUM4.9An issue has been discovered in GitLab affecting all versions starting from 11.6.
>= 11.6.0, < 13.9.7, >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2
MEDIUM4.9All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting f…
>= 9.5.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
MEDIUM4.9Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
>= 13.1.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM4.9In all versions of GitLab CE/EE since version 8.0, access tokens created as part of an admin's impersonation of a user are not cleared at the…
>= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM4.9An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 1…
>= 12.10.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM4.9An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14…
>= 11.9.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM4.9An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.…
>= 9.2.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM4.9An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from…
>= 9.3.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM4.9An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prio…
>= 12.9.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM4.9An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all ve…
>= 11.5.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM4.9Incorrect Privilege Assignment in GitLab
>= 14.1.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM4.8GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
>= 9.5.9, < 12.7.8, >= 12.8.0, < 12.8.8, >= 12.9.0, < 12.9.1
MEDIUM4.8In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page
>= 13.0.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM4.8A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 12.10.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM4.8An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13.
>= 12.0.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM4.8An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13.
>= 11.8.0, < 12.10.13
MEDIUM4.8An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a gro…
>= 12.10.0, < 12.10.13
MEDIUM4.8A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions s…
>= 13.9.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM4.8A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5,…
>= 14.4.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM4.8A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.…
>= 9.0.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM4.7A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM4.6Improper Validation of Unsafe Equivalence in Input in GitLab
>= 18.8.0, < 18.8.4
MEDIUM4.6An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10…
>= 8.1.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM4.5In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an u…
>= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM4.5Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 a…
>= 12.10.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM4.5An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.…
>= 11.9.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM4.4Improper Encoding or Escaping of Output in GitLab
>= 15.5.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.4Incorrect User Management in GitLab
>= 16.0.0, < 17.2.2
MEDIUM4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
>= 5.1.0, < 16.10.7, >= 16.11.0, < 16.11.4, >= 17.0.0, < 17.0.2
MEDIUM4.4An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.
>= 10.8.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM4.4Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs.
>= 8.4.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM4.4In all versions of GitLab, marshalled session keys were being stored in Redis.
from 0, < 13.7.8, >= 13.8.0, < 13.8.5, >= 13.9.0, < 13.9.2
MEDIUM4.4In all versions of GitLab CE/EE starting from version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting f…
>= 14.0.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM4.3Improper Neutralization of Substitution Characters in GitLab
>= 15.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2
MEDIUM4.3Incorrect Authorization in GitLab
>= 13.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2
MEDIUM4.3Incorrect Authorization in GitLab
>= 18.9.0, < 18.10.7, >= 18.11.0, < 18.11.4, >= 19.0.0, < 19.0.1
MEDIUM4.3Use of Incorrectly-Resolved Name or Reference in GitLab
>= 12.7.0, < 18.10.7, >= 18.11.0, < 18.11.4 | >= 19.0.0, <= 19.0.0
MEDIUM4.3Missing Authorization in GitLab
>= 18.7.0, < 18.10.7, >= 18.11.0, < 18.11.4 | >= 19.0.0, <= 19.0.0
MEDIUM4.3Missing Authorization in GitLab
>= 11.5.0, < 18.10.7, >= 18.11.0, < 18.11.4 | >= 19.0.0, <= 19.0.0
MEDIUM4.3Missing Authorization in GitLab
>= 15.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 11.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Access Control Check Implemented After Asset is Accessed in GitLab
>= 18.3.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 16.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 17.6.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 17.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 15.1.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Missing Authorization in GitLab
>= 15.1.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
MEDIUM4.3Incorrect Authorization in GitLab
>= 18.11.0, < 18.11.1
MEDIUM4.3Incorrect Authorization in GitLab
>= 11.3.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM4.3Incorrect Authorization in GitLab
>= 18.6.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM4.3Missing Authorization in GitLab
>= 16.6.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
MEDIUM4.3Incorrect Authorization in GitLab
>= 11.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM4.3Missing Authorization in GitLab
>= 18.6.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
MEDIUM4.3Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
>= 8.14.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
>= 12.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Missing Authorization in GitLab
>= 14.4.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 15.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Missing Authorization in GitLab
>= 18.2.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Incorrect Authorization in GitLab
>= 15.1.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2
MEDIUM4.3Authentication Bypass Using an Alternate Path or Channel in GitLab
>= 17.11.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1
MEDIUM4.3Missing Authorization in GitLab
>= 17.7.0, < 18.7.5, >= 18.8.0, < 18.8.5, >= 18.9.0, < 18.9.1
MEDIUM4.3Server-Side Request Forgery (SSRF) in GitLab
>= 18.0.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
MEDIUM4.3Missing Authorization in GitLab
>= 18.4.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
MEDIUM4.3Generation of Error Message Containing Sensitive Information in GitLab
>= 17.5.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 13.2.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
MEDIUM4.3Direct Request ('Forced Browsing') in GitLab
>= 13.7.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1
MEDIUM4.3Insertion of Sensitive Information Into Sent Data in GitLab
>= 17.6.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM4.3Missing Authorization in GitLab
>= 13.2.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM4.3Incorrect Authorization in GitLab
>= 17.9.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
MEDIUM4.3Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
>= 15.1.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2
MEDIUM4.3Insufficient Granularity of Access Control in GitLab
>= 12.0.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2
MEDIUM4.3Missing Authorization in GitLab
>= 15.4.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
MEDIUM4.3Incorrect Authorization in GitLab
>= 17.9.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
MEDIUM4.3Incorrect Authorization in GitLab
>= 13.3.0, < 18.0.1, >= 18.1.0
MEDIUM4.3Missing Authorization in GitLab
>= 16.10.0, < 18.0.1, >= 18.1.0
MEDIUM4.3Missing Authorization in GitLab
>= 17.2.0, < 18.0.1, >= 18.1.0
MEDIUM4.3Authorization Bypass Through User-Controlled Key in GitLab
>= 17.9.0, < 18.0.2
MEDIUM4.3Insufficient Granularity of Access Control in GitLab
>= 18.0.0, < 18.0.1
MEDIUM4.3Exposure of Private Personal Information to an Unauthorized Actor in GitLab
>= 17.1.0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM4.3Weak Authentication in GitLab
>= 16.8.0, < 17.11.3, >= 18.0.0, < 18.0.1
MEDIUM4.3Missing Authorization in GitLab
>= 17.7.0, < 17.11.1
MEDIUM4.3Incorrect Authorization in GitLab
>= 17.7.0, < 17.8.2
MEDIUM4.3Server-Side Request Forgery (SSRF) in GitLab
>= 15.5.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
MEDIUM4.3Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
>= 15.0.0, < 17.6.4, >= 17.7.0, < 17.7.2, >= 17.8.0, < 17.8.0
MEDIUM 4.3 Missing Authorization in GitLab
>= 15.5.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1
MEDIUM 4.3 Inefficient Algorithmic Complexity in GitLab
>= 15.7.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1
MEDIUM 4.3 Allocation of Resources Without Limits or Throttling in GitLab
>= 13.9.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
MEDIUM 4.3 Incorrect Provision of Specified Functionality in GitLab
>= 11.4.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2
MEDIUM 4.3 Incorrect Provision of Specified Functionality in GitLab
>= 15.6.0, < 17.2.8, >= 17.3.0, < 17.3.4, >= 17.4.0, < 17.4.1
MEDIUM 4.3 Authorization Bypass Through User-Controlled Key in GitLab
>= 16.7.0, < 17.1.7, >= 17.3.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
>= 17.1.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
MEDIUM 4.3 Improper Access Control in GitLab
>= 12.5.0, < 17.1.6, >= 17.2.0, < 17.2.4, >= 17.3.0, < 17.3.1
MEDIUM 4.3 Improper Access Control in GitLab
>= 16.7.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 16.0.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM 4.3 Improper Access Control in GitLab
>= 16.1.0, < 16.11.5, >= 17.0.0, < 17.0.3, >= 17.1.0, < 17.1.1
MEDIUM 4.3 Uncontrolled Resource Consumption in GitLab
>= 16.10.0, < 16.10.6, >= 16.11.0, < 16.11.3
MEDIUM 4.3 Authorization Bypass Through User-Controlled Key in GitLab
>= 16.10.0, < 16.10.6, >= 16.11.0, < 16.11.3, >= 17.0.0, < 17.0.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 16.7.0, < 16.9.6, >= 16.10.0, < 16.10.4, >= 16.11.0, < 16.11.1
MEDIUM 4.3 GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
>= 10.8.0, < 12.9.1
MEDIUM 4.3 GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
>= 11.10.0, < 12.9.1
MEDIUM 4.3 GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
>= 9.0.0, < 12.9.1
MEDIUM 4.3 Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other use…
>= 12.8.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM 4.3 User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through…
from 0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM 4.3 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forge…
>= 12.7.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
MEDIUM 4.3 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 13.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM 4.3 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM 4.3 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM 4.3 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM 4.3 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
MEDIUM 4.3 An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13.
>= 8.16.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM 4.3 A vulnerability was discovered in GitLab versions prior to 13.1.
>= 11.8.0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
MEDIUM 4.3 A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3.
>= 13.1.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM 4.3 Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/tra…
>= 7.12.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions starting from 8.12.
from 0, < 13.5.2 | >= 8.12.0, <= 8.12.0, >= 13.4.0, <= 13.4.0, >= 13.5.0, <= 13.5.0
MEDIUM 4.3 CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators t…
from 0, < 13.5.2
MEDIUM 4.3 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6.
from 0, < 13.3.9
MEDIUM 4.3 An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized use…
>= 13.1.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM 4.3 A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13…
>= 13.4.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM 4.3 Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE…
>= 13.2.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM 4.3 Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API.
>= 12.2.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2
MEDIUM 4.3 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1.
>= 5.1.0, < 12.6.2
MEDIUM 4.3 GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
>= 12.0.0, < 12.7.3
MEDIUM 4.3 An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.
>= 13.4.0, < 13.5.6, >= 13.6.0, < 13.6.4, >= 13.7.0, < 13.7.2
MEDIUM 4.3 Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the release…
>= 12.8.0, < 13.6.6, >= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting with 3.0.1.
>= 3.0.1, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM 4.3 Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource…
>= 12.6.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 13.4.
>= 13.6.0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7.
from 0, < 13.6.7, >= 13.7.0, < 13.7.7, >= 13.8.0, < 13.8.4
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated u…
>= 10.6.0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident m…
>= 13.8.0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all previous versions.
from 0, < 13.8.7, >= 13.9.0, < 13.9.5, >= 13.10.0, < 13.10.1
MEDIUM 4.3 An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7.
>= 13.5.0, < 13.9.7
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.
>= 13.7.0, < 13.9.7, >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2
MEDIUM 4.3 A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile p…
>= 8.0.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM 4.3 An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
>= 13.10.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM 4.3 An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.
>= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap b…
>= 13.7.0, < 13.11.6, >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
MEDIUM 4.3 Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another em…
>= 7.10.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics
>= 13.0.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group
>= 12.2.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with ema…
>= 12.2.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 Under very specific conditions a user could be impersonated using Gitlab shell.
>= 13.1.0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
MEDIUM 4.3 The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses
>= 8.9.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM 4.3 Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all ver…
>= 13.12.0, < 14.0.9, >= 14.1.0, < 14.1.4, >= 14.2.0, < 14.2.2
MEDIUM 4.3 In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repo…
>= 8.12.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by…
>= 11.11.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed…
>= 13.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visi…
>= 1.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
>= 11.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
>= 11.3.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5…
>= 13.11.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privile…
>= 8.13.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up…
>= 10.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting fr…
>= 13.10.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the prote…
>= 14.1.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintaine…
>= 12.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.3 Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an inciden…
>= 13.4.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM 4.3 An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions…
>= 13.1.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM 4.3 An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private group…
>= 8.9.6, < 14.2.6
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 befor…
>= 12.6.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14…
>= 13.9.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM 4.3 A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of…
>= 8.13.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
MEDIUM 4.3 Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any Ex…
>= 14.1.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4…
>= 11.1.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and…
>= 8.4.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM 4.3 Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an at…
>= 12.4.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 befor…
>= 8.11.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 befor…
>= 12.10.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before…
>= 12.10.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.…
>= 10.7.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all ver…
>= 14.1.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
MEDIUM 4.3 An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
from 0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.1
MEDIUM 4.3 An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
from 0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.1
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14…
>= 12.0.0, < 14.4.5, >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6…
>= 10.0.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 befor…
>= 11.4.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM 4.3 Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve…
>= 12.4.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM 4.3 Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retr…
>= 12.7.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10.
>= 8.10.0, < 14.5.4, >= 14.6.0, < 14.6.4, >= 14.7.0, < 14.7.1
MEDIUM 4.3 Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 b…
>= 7.8.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior…
from 0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and…
>= 13.1.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9…
>= 13.11.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior…
from 0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 befor…
>= 12.2.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious ac…
>= 10.7.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
MEDIUM 4.3 Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.…
>= 8.12.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions st…
from 0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM 4.3 It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.…
>= 13.2.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 befo…
>= 10.8.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
MEDIUM 4.3 Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, all…
>= 10.7.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM 4.3 An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 b…
>= 13.7.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM 4.3 Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prio…
from 0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM 4.3 An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to…
>= 14.8.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM 4.3 An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 p…
>= 14.8.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versi…
from 0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before…
>= 13.10.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
MEDIUM 4.3 An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.…
>= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 befor…
>= 12.6.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 bef…
>= 10.7.0, < 15.1.5, >= 15.2.0, < 15.2.3, >= 15.3.0, < 15.3.1
MEDIUM 4.3 An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all v…
from 0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM 4.3 A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a…
from 0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 pr…
>= 9.3.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 be…
>= 12.8.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15…
>= 15.0.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 1…
>= 14.5.0, < 15.1.6, >= 15.2.0, < 15.2.4, >= 15.3.0, < 15.3.2
MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 1…
>= 13.7.0, < 15.2.5, >= 15.3.0, < 15.3.4, >= 15.4.0, < 15.4.1
MEDIUM 4.3 Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4,…
>= 14.5.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5…
>= 12.8.0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM 4.3 Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 all…
>= 7.14.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM 4.3 An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 1…
>= 15.0.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version…
>= 15.3.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM 4.3 A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 whic…
from 0, < 15.4.6, >= 15.5.0, < 15.5.5, >= 15.6.0, < 15.6.1
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
>= 13.12.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 befor…
>= 11.8.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions…
>= 15.2.0, < 15.9.6, >= 15.10.0, < 15.10.5, >= 15.11.0, < 15.11.1
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8…
>= 12.8.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 10.0.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM 4.3 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab
>= 12.9.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM 4.3 Allocation of Resources Without Limits or Throttling in GitLab
>= 8.3.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all v…
>= 15.5.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 bef…
>= 10.0.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM 4.3 Generation of Error Message Containing Sensitive Information in GitLab
>= 12.9.0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM 4.3 Insertion of Sensitive Information Into Sent Data in GitLab
>= 3.0.29, < 4.0.5
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.…
>= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
MEDIUM 4.3 Missing Authorization in GitLab
>= 15.2.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM 4.3 Insertion of Sensitive Information Into Sent Data in GitLab
>= 15.7.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM 4.3 Exposure of Private Personal Information to an Unauthorized Actor in GitLab
>= 13.7.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all ve…
from 0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 befo…
>= 1.2.0, < 15.10.8, >= 15.11.0, < 15.11.7, >= 16.0.0, < 16.0.2
MEDIUM 4.3 Missing Authorization in GitLab
from 0, < 16.0.8, >= 16.1.0, < 16.1.3, >= 16.2.0, < 16.2.2
MEDIUM 4.3 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.…
>= 10.0.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
MEDIUM 4.3 Missing Authorization in GitLab
>= 11.8.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 13.7.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
MEDIUM 4.3 Incorrect User Management in GitLab
>= 11.11.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Allocation of Resources Without Limits or Throttling in GitLab
>= 10.3.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 12.1.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 11.2.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 13.2.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 10.6.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 9.2.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
MEDIUM 4.3 Insertion of Sensitive Information Into Sent Data in GitLab
>= 11.8.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM 4.3 Incorrect Authorization in GitLab
>= 16.2.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Missing Authorization in GitLab
>= 10.6.0, < 16.1.5, >= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
MEDIUM 4.3 Missing Authorization in GitLab
>= 12.0.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM 4.3 Missing Authorization in GitLab
>= 9.3.0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2
MEDIUM 4.3 Incorrect Authorization in GitLab
from 0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
MEDIUM 4.3 Allocation of Resources Without Limits or Throttling in GitLab
>= 13.9.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
MEDIUM 4.3 Direct Request ('Forced Browsing') in GitLab
>= 14.0.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1
MEDIUM 4.3 Direct Request ('Forced Browsing') in GitLab
>= 16.4.0, < 16.7.6, >= 16.8.0, < 16.8.3, >= 16.9.0, < 16.9.1
MEDIUM 4.2 Incorrect Authorization in GitLab
>= 17.5.0, < 17.8.2
MEDIUM 4.2 In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change pa…
>= 1.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
MEDIUM 4.0 Insertion of Sensitive Information into Log File in GitLab
>= 11.0.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
LOW 3.8 In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may…
>= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
LOW 3.8 A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before…
>= 13.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
LOW 3.8 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 befor…
>= 15.1.0, < 15.5.7, >= 15.6.0, < 15.6.4, >= 15.7.0, < 15.7.2
LOW 3.8 An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8…
>= 12.1.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
LOW 3.8 An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1.
>= 15.1.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
LOW 3.8 Insertion of Sensitive Information Into Sent Data in GitLab
>= 15.1.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
LOW 3.8 Insertion of Sensitive Information into Log File in GitLab
>= 13.6.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
LOW 3.8 Cleartext Storage of Sensitive Information in GitLab
>= 16.2.0, < 16.2.5, >= 16.3.0, < 16.3.1
LOW 3.7 Authorization Bypass Through User-Controlled Key in GitLab
>= 15.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2
LOW 3.7 Incorrect Authorization in GitLab
>= 18.1.0, < 18.8.7, >= 18.9.0, < 18.9.3, >= 18.10.0, < 18.10.1
LOW 3.7 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
from 0, < 17.6.0
LOW 3.7 An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9…
>= 12.6.0, < 14.8.6, >= 14.9.0, < 14.9.4, >= 14.10.0, < 14.10.1
LOW 3.7 An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.…
>= 11.10.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
LOW 3.7 Potential Denial-of-Service in bindata
>= 12.0.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
LOW 3.5 Server-Side Request Forgery (SSRF) in GitLab
>= 18.8.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
LOW 3.5 Improper Restriction of Rendered UI Layers or Frames in GitLab
>= 18.11.0, < 18.11.1
LOW 3.5 Authorization Bypass Through User-Controlled Key in GitLab
>= 17.11.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4
LOW 3.5 Exposure of Private Personal Information to an Unauthorized Actor in GitLab
>= 10.3.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1
LOW 3.5 Improper Encoding or Escaping of Output in GitLab
>= 15.6.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2
LOW 3.5 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
>= 17.8.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
LOW 3.5 Improper Handling of URL Encoding (Hex Encoding) in GitLab
>= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2
LOW 3.5 Business Logic Errors in GitLab
>= 17.1.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2
LOW 3.5 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgrou…
>= 10.5.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3
LOW 3.5 An issue has been discovered in GitLab affecting all versions starting with 7.1.
>= 7.1.0, < 13.6.6, >= 13.7.0, < 13.7.6, >= 13.8.0, < 13.8.2
LOW 3.5 Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable…
>= 7.11.0, < 14.1.7
LOW 3.5 In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitra…
>= 7.7.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
LOW 3.5 Incorrect Authorization in GitLab
>= 8.17.0, < 16.4.4, >= 16.5.0, < 16.5.4, >= 16.6.0, < 16.6.2
LOW 3.5 Improper Validation of Specified Type of Input in GitLab
>= 12.3.0, < 16.2.8, >= 16.3.0, < 16.3.5, >= 16.4.0, < 16.4.1
LOW 3.1 Missing Authorization in GitLab
>= 16.8.0, < 18.5.0
LOW 3.1 Missing Authorization in GitLab
>= 16.0.0, < 16.3.6, >= 16.4.0, < 16.4.2, >= 16.5.0, < 16.5.1
LOW 3.1 Incorrect Authorization in GitLab
>= 14.3.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2
LOW 3.1 Incorrect Authorization in GitLab
>= 8.13.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 16.6.0, < 16.6.1
LOW 2.7 Missing Authorization in GitLab
>= 16.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
LOW 2.7 Incorrect Authorization in GitLab
>= 11.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, >= 18.11.0, < 18.11.1
LOW 2.7 Missing Authorization in GitLab
>= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3
LOW 2.7 Insufficient Granularity of Access Control in GitLab
>= 15.0.0, < 18.0.5, >= 18.1.0, < 18.1.3, >= 18.2.0, < 18.2.1
LOW 2.7 Incorrect Authorization in GitLab
>= 18.0.0
LOW 2.7 Incorrect Authorization in GitLab
>= 18.0.0
LOW 2.7 Incorrect Authorization in GitLab
>= 16.5.0, < 17.9.2
LOW 2.7 Incorrect Synchronization in GitLab
>= 16.5.0, < 17.2.8, >= 17.3.0, < 17.3.4, >= 17.4.0, < 17.4.1
LOW 2.7 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
>= 12.0.0, < 17.0.5, >= 17.1.0, < 17.1.3, >= 17.2.0, < 17.2.1
LOW 2.7 Improper Access Control in GitLab
>= 16.5.0, < 16.11.6, >= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2
LOW 2.7 Improper Access Control in GitLab
>= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2
LOW 2.7 Improper Access Control in GitLab
>= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2
LOW 2.7 Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials…
>= 12.6.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1
LOW 2.7 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
>= 1.0.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4
LOW 2.7 An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirma…
>= 10.1.0, < 13.2.10, >= 13.3.0, < 13.3.7, >= 13.4.0, < 13.4.2
LOW2.7An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members…
>= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
LOW2.7Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossib…
from 0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2
LOW2.7Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with…
>= 10.8.0, < 14.1.7, >= 14.2.0, < 14.2.5, >= 14.3.0, < 14.3.1
LOW2.7In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoi…
>= 11.10.0, < 14.2.6, >= 14.3.0, < 14.3.4, >= 14.4.0, < 14.4.1
LOW2.7Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 bef…
>= 9.4.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2
LOW2.7A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 unde…
>= 14.0.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
LOW2.7An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 befo…
>= 14.3.0, < 14.9.5, >= 14.10.0, < 14.10.4, >= 15.0.0, < 15.0.1
LOW2.7An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior…
>= 12.2.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1
LOW2.7An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versi…
from 0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
LOW2.7An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions…
from 0, < 15.0.5, >= 15.1.0, < 15.1.4, >= 15.2.0, < 15.2.1
LOW2.7An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versi…
from 0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2
LOW2.6All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting…
>= 12.8.0, < 13.10.5, >= 13.11.0, < 13.11.5, >= 13.12.0, < 13.12.2
LOW2.4Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab…
from 0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
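The affected-version ranges in this listing are written as alternating lower and upper bounds: each ">= X" (or "from 0", meaning no lower bound) is paired with the "< Y" that follows it, and a trailing ">= X" with no "< Y" is a row for which the page lists no fixed version. The operational question a practitioner asks of such a list is "is my GitLab version inside any of these intervals?", and the edges matter: the "< Y" version is the first fixed release and is itself not affected. The following is an added example, not code from this page or from GitLab, that parses the page's notation into half-open intervals and checks a version against a set of rows. The three sample rows are copied from the listing above; the versions checked against them are constructed inputs.

```python
"""Match a GitLab version against affected-version ranges written in the
notation used by this listing, e.g. ">= 11.10.0, < 15.8.5, >= 15.9.0, < 15.9.4".

Added example; not code from the page or from GitLab.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """'15.9.4' -> (15, 9, 4); missing components are padded with 0 so '0' -> (0, 0, 0)."""
    parts = tuple(int(p) for p in s.strip().split("."))
    return parts + (0,) * (3 - len(parts))


@dataclass(frozen=True)
class Interval:
    low: Version                 # inclusive lower bound; (0, 0, 0) for "from 0"
    high: Optional[Version]      # exclusive upper bound (first fixed release); None if the row lists none

    def contains(self, v: Version) -> bool:
        return self.low <= v and (self.high is None or v < self.high)


_TOKEN = re.compile(r"^(>=|<|from)\s*([0-9.]+)$")


def parse_range(spec: str) -> List[Interval]:
    """Turn one range line into [low, high) intervals.

    Tokens alternate lower bound / upper bound.  A lower bound that is never
    closed by a '< Y' becomes an open-ended interval (no fix listed on the page).
    """
    intervals: List[Interval] = []
    low: Optional[Version] = None
    for raw in spec.split(","):
        m = _TOKEN.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognised token {raw!r}")
        op, num = m.groups()
        if op in (">=", "from"):
            if low is not None:          # previous lower bound was never closed
                intervals.append(Interval(low, None))
            low = parse_version(num)
        else:                            # "<": closes the pending lower bound
            if low is None:
                raise ValueError(f"upper bound without lower bound in {spec!r}")
            intervals.append(Interval(low, parse_version(num)))
            low = None
    if low is not None:
        intervals.append(Interval(low, None))
    return intervals


def is_affected(version: str, spec: str) -> bool:
    """True if `version` falls inside any interval of the range line `spec`."""
    v = parse_version(version)
    return any(iv.contains(v) for iv in parse_range(spec))


def affected_rows(version: str, rows: List[Tuple[str, str]]) -> List[str]:
    """Titles of the (title, range) rows whose range contains `version`."""
    return [title for title, spec in rows if is_affected(version, spec)]


# Rows copied from the listing above: (title, affected-version range).
SAMPLE_ROWS = [
    ("Server-Side Request Forgery (SSRF) in GitLab",
     ">= 18.8.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3"),
    ("Incorrect Authorization in GitLab",           # row with no fixed version listed
     ">= 18.0.0"),
    ("Improper validation of commit author in GitLab CE/EE",
     "from 0, < 13.12.9, >= 14.0.0, < 14.0.7, >= 14.1.0, < 14.1.2"),
]

if __name__ == "__main__":
    # Constructed inputs: one inside a patched branch, one at the first fixed release.
    for v in ("18.10.5", "18.10.6", "14.0.6", "17.9.2"):
        print(v, "->", affected_rows(v, SAMPLE_ROWS))
```

Because the intervals are half-open, "18.10.6" against the SSRF row is reported as not affected while "18.10.5" is, which is exactly the fixed/unfixed boundary the listing encodes. A row such as ">= 18.0.0" matches every version at or above that release; the example does not infer anything beyond what the page prints, so a practitioner should read such rows as "no fix listed here" and check the vendor advisory rather than assume the range is closed.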