Attacker Value
Unknown

CVE-2024-5318

Disclosure Date: May 24, 2024 (last updated December 18, 2024)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
Attacker Value
Unknown

CVE-2024-5258

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Attacker Value
Unknown

CVE-2024-1947

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
Attacker Value
Unknown

CVE-2023-7045

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
Attacker Value
Unknown

CVE-2023-6502

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.
Attacker Value
Unknown

CVE-2024-4835

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
Attacker Value
Unknown

CVE-2024-2874

Disclosure Date: May 23, 2024 (last updated December 18, 2024)
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.