cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10383,https://securityvulnerability.io/vulnerability/CVE-2024-10383,XSS Vulnerability in GitLab Web IDE Component Affects Multiple Versions,"An XSS vulnerability has been identified in the gitlab-web-ide-vscode-fork component that allows an attacker to execute malicious scripts in a user's browser. This issue primarily affects all versions prior to 1.89.1-1.0.0-dev-20241118094343 within the GitLab environment. Specifically, it can occur when loading Jupyter notebook (.ipynb) files in the GitLab web IDE, impacting GitLab CE/EE versions from 15.11 to 17.3 and temporarily affecting subsequent versions (17.4, 17.5, and 17.6). This flaw in the web IDE component presents potential security risks for users who handle notebook files.",Gitlab,Gitlab Vscode Fork,8.7,HIGH,0.0004299999854993075,false,,false,false,true,2025-02-07T14:12:41.000Z,true,false,false,,2025-02-07T14:12:41.757Z,0
CVE-2025-1072,https://securityvulnerability.io/vulnerability/CVE-2025-1072,Denial of Service Vulnerability in GitLab CE/EE Products,"A Denial of Service (DoS) vulnerability has been identified in GitLab CE/EE, impacting versions from 7.14.1 prior to 17.3.7, as well as 17.4 prior to 17.4.4 and 17.5 prior to 17.5.2. This issue arises when maliciously crafted content is imported using the Fogbugz importer, leading to a potential disruption of service.",Gitlab,Gitlab,6.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-02-07T04:05:20.000Z,true,false,false,,2025-02-07T04:05:20.188Z,0
CVE-2024-2878,https://securityvulnerability.io/vulnerability/CVE-2024-2878,Denial of Service Vulnerability in GitLab CE/EE,"An issue in GitLab CE/EE has been identified where an attacker can exploit the application by creating specially crafted search terms for branch names, resulting in a denial of service. This vulnerability affects multiple versions of GitLab, emphasizing the importance of timely updates to mitigate potential exploitation.",Gitlab,Gitlab,7.5,HIGH,0.0004299999854993075,false,,false,false,true,2025-02-05T12:21:10.000Z,true,false,false,,2025-02-05T12:21:10.806Z,0
CVE-2024-3976,https://securityvulnerability.io/vulnerability/CVE-2024-3976,Confidential Information Disclosure in GitLab CE/EE,"A vulnerability in GitLab CE/EE allows unauthorized users to gain access to the titles and descriptions of confidential issues within public projects. This issue affects multiple versions, starting from version 14.0 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1, highlighting a critical gap in access control that could lead to unintended exposure of sensitive project information.",Gitlab,Gitlab,6.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-05T12:15:00.000Z,true,false,false,,2025-02-05T12:15:00.000Z,0
CVE-2024-5528,https://securityvulnerability.io/vulnerability/CVE-2024-5528,Subdomain Takeover Vulnerability in GitLab CE/EE,"An issue has been identified in GitLab CE/EE that allows attackers to exploit misconfigurations leading to a subdomain takeover in GitLab Pages. This vulnerability impacts all versions up to 16.11.6, as well as specific versions in the 17.x series, making it crucial to upgrade to the latest versions to mitigate potential risks effectively. Organizations using affected GitLab instances should investigate their configurations and implement remediation actions immediately.",Gitlab,Gitlab,3.5,LOW,0.0004299999854993075,false,,false,false,true,2025-02-05T10:31:06.000Z,true,false,false,,2025-02-05T10:31:06.106Z,0
CVE-2024-9631,https://securityvulnerability.io/vulnerability/CVE-2024-9631,Performance Issue in GitLab CE/EE Affecting Diffs with Conflicts,"A performance issue has been identified in GitLab CE/EE that affects responsiveness when viewing diffs of merge requests (MRs) containing conflicts. This flaw is present in all versions starting from 13.6 up to 17.2.9, and also impacts versions 17.3 prior to 17.3.5 and 17.4 prior to 17.4.2. Users might experience significant delays, affecting workflow efficiency during code review processes.",Gitlab,Gitlab,7.5,HIGH,0.0004299999854993075,false,,false,false,true,2025-02-05T10:30:51.000Z,true,false,false,,2025-02-05T10:30:51.252Z,0
CVE-2024-6356,https://securityvulnerability.io/vulnerability/CVE-2024-6356,Cross-Project Access Vulnerability in GitLab EE Software,"A vulnerability exists in GitLab EE that permits unauthorized cross-project access through the Security policy bot. This issue impacts versions of GitLab EE ranging from 16.0 to 17.0.5, as well as 17.1 to 17.1.3 and 17.2 to 17.2.1. Users may inadvertently allow external access to sensitive information, leading to potential data breaches or unauthorized actions. It is crucial for users to update their systems to the latest patched versions to mitigate this risk.",Gitlab,Gitlab,4.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-05T10:02:22.000Z,true,false,false,,2025-02-05T10:02:22.677Z,0
CVE-2024-1539,https://securityvulnerability.io/vulnerability/CVE-2024-1539,API Update Disclosure Vulnerability in GitLab EE,"A vulnerability has been identified in GitLab EE, allowing a banned group member to access updates to issues through the API. This issue affects multiple versions, including releases from 15.2 to 16.9.7, 16.10 to 16.10.5, and 16.11 to 16.11.2. The flaw compromises the intended permissions model, potentially exposing sensitive data to unauthorized users.",Gitlab,Gitlab,4.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-05T09:46:46.000Z,true,false,false,,2025-02-05T09:46:46.182Z,0
CVE-2023-6386,https://securityvulnerability.io/vulnerability/CVE-2023-6386,Denial of Service Vulnerability in GitLab CE/EE Products,"A denial of service vulnerability exists in GitLab CE/EE that impacts several versions, allowing attackers to significantly increase resource usage on the GitLab instance. This spike can lead to service degradation, affecting accessibility and reliability. Administrators are encouraged to review their systems and apply necessary updates to mitigate this risk.",Gitlab,Gitlab,6.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-05T09:31:10.000Z,true,false,false,,2025-02-05T09:31:10.106Z,0
CVE-2024-1211,https://securityvulnerability.io/vulnerability/CVE-2024-1211,Cross-Site Request Forgery Vulnerability in GitLab CE/EE by GitLab,"A vulnerability has been identified in GitLab CE/EE that results in potential cross-site request forgery (CSRF) risks for instances utilizing JWT as an OmniAuth provider. This flaw affects multiple versions of GitLab, opening avenues for unauthorized command execution if exploited. Organizations using vulnerable versions should assess their configurations and implement necessary updates to mitigate potential attacks.",Gitlab,Gitlab,6.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T00:15:00.000Z,true,false,false,,2025-01-31T00:15:00.000Z,0
CVE-2023-6195,https://securityvulnerability.io/vulnerability/CVE-2023-6195,Server Side Request Forgery Vulnerability in GitLab CE/EE,"A Server Side Request Forgery vulnerability was identified in GitLab CE/EE, which affects a range of versions. An attacker can exploit this vulnerability by using a malicious URL in the markdown image value while importing a GitHub repository. This could potentially allow unauthorized access to internal services, making it crucial for users to update to the latest versions to mitigate this risk.",Gitlab,Gitlab,2.6,LOW,0.0004299999854993075,false,,false,false,true,2025-01-31T00:15:00.000Z,true,false,false,,2025-01-31T00:15:00.000Z,0
CVE-2025-0314,https://securityvulnerability.io/vulnerability/CVE-2025-0314,Cross-Site Scripting Vulnerability in GitLab CE/EE,"A cross-site scripting vulnerability was identified in GitLab CE/EE that impacts a range of versions. The flaw arises from improper rendering of certain file types, potentially allowing attackers to execute scripts in the context of a user's browser. This could lead to unauthorized actions on behalf of the user, compromising sensitive information or system integrity. Users are advised to review their systems and apply the necessary updates to mitigate any risks associated with this vulnerability.",Gitlab,Gitlab,8.7,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-24T02:30:44.000Z,true,false,false,,2025-01-24T02:30:44.273Z,34
CVE-2024-6324,https://securityvulnerability.io/vulnerability/CVE-2024-6324,Denial of Service Vulnerability in GitLab CE/EE by GitLab,"A Denial of Service vulnerability was identified in GitLab CE/EE that could allow attackers to create cyclic references between epics, leading to resource exhaustion and potential service disruption. This issue affects all versions from 15.7 to 17.5.5, 17.6 from its release to 17.6.3, and 17.7 up until 17.7.1. Proper handling of epics is crucial to prevent this vulnerability from being exploited.",Gitlab,Gitlab,4.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-09T06:02:46.000Z,true,false,false,,2025-01-09T06:02:46.213Z,0
CVE-2024-8116,https://securityvulnerability.io/vulnerability/CVE-2024-8116,Unauthorized Data Exposure Vulnerability in GitLab,"CVE-2024-8116 is a high-risk vulnerability affecting GitLab CE/EE across several versions, allowing unauthorized users to exploit a specific GraphQL query. If successfully executed, this vulnerability enables attackers to retrieve sensitive branch names from the GitLab repository under certain conditions, potentially leading to data leakage. The issue has been identified in versions prior to 17.4.6, 17.5.4, and 17.6.2, and it highlights significant implications for access controls and data privacy within affected instances of GitLab.",Gitlab,Gitlab,5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-16T04:31:08.000Z,true,false,false,,2024-12-16T04:31:08.730Z,0
CVE-2024-8650,https://securityvulnerability.io/vulnerability/CVE-2024-8650,Access Control Vulnerability in GitLab CE/EE Revealed,"CVE-2024-8650 is a high-risk access control vulnerability present in GitLab CE/EE, affecting versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. This vulnerability allows unauthorized non-member users to view unresolved threads marked as internal notes in public project merge requests. Such exposure could lead to the unintentional disclosure of sensitive information intended only for internal team members, which poses significant security risks. It is imperative for GitLab users to apply the necessary updates to protect against this vulnerability.",Gitlab,Gitlab,5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-16T04:30:58.000Z,true,false,false,,2024-12-16T04:30:58.662Z,0
CVE-2024-10043,https://securityvulnerability.io/vulnerability/CVE-2024-10043,Information Disclosure Vulnerability in GitLab EE,"CVE-2024-10043 is a security vulnerability in GitLab EE that affects various versions, allowing group users to view sensitive incident titles through the Wiki History Diff feature. This flaw poses a significant risk of information disclosure, enabling unauthorized access to confidential data that could compromise project security and user privacy. It impacts all versions from 14.3 prior to 17.4.6, and includes a range of subsequent releases up to 17.6.2. Users are urged to apply the latest security updates to mitigate this risk.",Gitlab,Gitlab,3.1,LOW,0.0004299999854993075,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-11274,https://securityvulnerability.io/vulnerability/CVE-2024-11274,Session Data Exfiltration Vulnerability in GitLab CE/EE Affecting Multiple Versions,"A vulnerability exists in GitLab CE/EE that allows an injection of Network Error Logging (NEL) headers in Kubernetes proxy responses. This could potentially enable an attacker to exfiltrate sensitive session data. The issue affects multiple versions of GitLab, spanning from 16.1 to earlier versions of 17.6. Organizations utilizing these versions should be aware of the risk involved with the interaction of NEL headers in their configurations and take appropriate measures to mitigate potential exposure.",Gitlab,Gitlab,8.7,HIGH,0.0006099999882280827,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-9387,https://securityvulnerability.io/vulnerability/CVE-2024-9387,Open Redirect Vulnerability in GitLab CE/EE,"CVE-2024-9387 is a security vulnerability found in GitLab Community Edition (CE) and Enterprise Edition (EE) that affects multiple versions from 11.8 through 17.4.6, 17.5 through 17.5.4, and 17.6 through 17.6.2. This vulnerability allows an attacker to exploit an open redirect condition in the releases API endpoint. By manipulating this endpoint, the attacker can redirect users to unauthorized external sites. The flaw has significant implications for API security, necessitating urgent attention from users of the affected GitLab versions.",Gitlab,Gitlab,6.4,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-12570,https://securityvulnerability.io/vulnerability/CVE-2024-12570,Token Leakage Vulnerability in GitLab CE/EE,"CVE-2024-12570 is a high-risk vulnerability identified in GitLab CE/EE, compromising user session integrity. The flaw enables an attacker to exploit the CI_JOB_TOKEN of a victim to gain unauthorized access to their GitLab session token. This issue affects multiple versions of GitLab from version 13.7 up to 17.4.6, as well as versions 17.5 prior to 17.5.4 and 17.6 prior to 17.6.2. Organizations using these versions should prioritize patching to prevent potential exploitation.",Gitlab,Gitlab,6.7,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-12T11:30:44.000Z,true,false,false,,2024-12-12T11:30:44.818Z,0
CVE-2024-11828,https://securityvulnerability.io/vulnerability/CVE-2024-11828,Denial of Service Vulnerability in GitLab CE/EE Affects Multiple Versions,"CVE-2024-11828 is a high-risk denial of service (DoS) vulnerability identified in GitLab CE/EE. This issue affects all versions from 13.2.4 prior to 17.4.5, from 17.5 before 17.5.3, and from 17.6 before 17.6.1. An attacker can exploit this vulnerability by sending forged API calls, leading to a potential DoS condition that can disrupt services and impact availability. This vulnerability represents a regression of a prior patch, making it crucial for users to update their systems to mitigate possible exploitation.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:41:19.000Z,true,false,false,,2024-11-26T18:41:19.280Z,0
CVE-2024-8114,https://securityvulnerability.io/vulnerability/CVE-2024-8114,Privilege Escalation Vulnerability in GitLab Products,"CVE-2024-8114 is a critical privilege escalation vulnerability found in GitLab Community Edition (CE) and Enterprise Edition (EE). This security flaw affects all GitLab versions from 8.12 up to, but not including, 17.4.5, as well as versions 17.5 prior to 17.5.3 and 17.6 up to 17.6.1. The vulnerability occurs when an attacker gains access to a user's Personal Access Token (PAT), enabling them to escalate privileges and potentially gain unauthorized access to sensitive functionalities and data within GitLab repositories. It is essential for users and administrators to immediately review their GitLab versions and apply available patches to mitigate this risk.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-11-26T18:31:10.000Z,true,false,false,,2024-11-26T18:31:10.674Z,0
CVE-2024-8177,https://securityvulnerability.io/vulnerability/CVE-2024-8177,Denial of Service Vulnerability in GitLab CE/EE - Comprehensive Overview,"CVE-2024-8177 represents a critical denial of service vulnerability within GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability affects all versions starting from 15.6 up until 17.4.4, as well as versions 17.5 through 17.5.2 and versions 17.6 through 17.6.0. An attacker could exploit this vulnerability by integrating a malicious harbor registry, which could lead to a denial of service condition, interrupting service availability for users. It is essential for GitLab users to update to the latest versions to mitigate this risk effectively.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:31:05.000Z,true,false,false,,2024-11-26T18:31:05.665Z,0
CVE-2024-8237,https://securityvulnerability.io/vulnerability/CVE-2024-8237,Denial of Service Vulnerability in GitLab CE/EE Products,"CVE-2024-8237 is a critical Denial of Service (DoS) vulnerability identified in GitLab Community Edition (CE) and Enterprise Edition (EE). This issue affects all versions prior to 12.6 and includes specific versions 17.4.5, 17.5.3, and 17.6.1. Attackers can exploit this vulnerability by sending a maliciously crafted cargo.toml file, leading to service disruptions. Organizations utilizing affected versions are urged to update immediately to reduce the risk of potential exploitation.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:31:00.000Z,true,false,false,,2024-11-26T18:31:00.676Z,0
CVE-2024-9633,https://securityvulnerability.io/vulnerability/CVE-2024-9633,Incorrect Ownership Assignment in GitLab,"A significant issue has been identified in GitLab CE/EE, where an attacker can manipulate the creation of groups with names that intercept existing unique Pages domains. This situation leads to potential domain confusion, wherein users may unknowingly interact with malicious content or entities masquerading under the guise of legitimate Pages traffic. The vulnerability affects GitLab versions 16.3 through 17.4.2, 17.5 through 17.5.4, and 17.6 through 17.6.2, highlighting the need for users to adopt precise configurations and oversight. More information can be found in GitLab's issue tracking and in related bug bounty reports documenting the technical exploits associated with this vulnerability.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-14T14:15:00.000Z,true,false,false,,2024-11-14T14:15:00.000Z,0
CVE-2024-6826,https://securityvulnerability.io/vulnerability/CVE-2024-6826,GitLab Discovers Security Issue Allowing Denial of Service Attacks,"An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file.",Gitlab,Gitlab,6.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-10-24T08:30:58.000Z,true,false,false,,2024-10-24T09:30:58.183Z,0