cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9631,https://securityvulnerability.io/vulnerability/CVE-2024-9631,Performance Issue in GitLab CE/EE Affecting Diffs with Conflicts,"A performance issue in GitLab CE/EE affects responsiveness when viewing diffs of merge requests (MRs) that contain conflicts. It affects all versions from 13.6 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2. Conflicting diffs can make the affected pages slow enough to disrupt code review; the score reflects this availability impact. Upgrade to a fixed release.",Gitlab,Gitlab,7.5,HIGH,0.01,false,,false,false,true,2025-02-05T10:30:51.000Z,true,false,false,,2025-02-05T10:30:51.252Z,0
CVE-2025-0314,https://securityvulnerability.io/vulnerability/CVE-2025-0314,Cross-Site Scripting Vulnerability in GitLab CE/EE,"A cross-site scripting (XSS) vulnerability in GitLab CE/EE affects a range of versions. The flaw arises from improper rendering of certain file types, allowing an attacker to execute script in the context of a victim's browser session and thereby act on the victim's behalf or read data the victim can access. Users are advised to apply the fixed releases.",Gitlab,Gitlab,8.7,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-24T02:30:44.000Z,true,false,false,,2025-01-24T02:30:44.273Z,34
CVE-2024-11274,https://securityvulnerability.io/vulnerability/CVE-2024-11274,Session Data Exfiltration Vulnerability in GitLab CE/EE Affecting Multiple Versions,"A vulnerability in GitLab CE/EE allows injection of Network Error Logging (NEL) headers into Kubernetes proxy responses. An NEL policy tells the browser where to report network errors for subsequent requests, so an attacker-controlled policy can direct reports about the victim's requests to an endpoint the attacker controls; this is the path by which session data can be exfiltrated. The issue affects versions from 16.1 through the unpatched 17.6 releases. Organizations running these versions should upgrade and review how NEL headers interact with their Kubernetes proxy configuration.",Gitlab,Gitlab,8.7,HIGH,0.0006099999882280827,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-11828,https://securityvulnerability.io/vulnerability/CVE-2024-11828,Denial of Service Vulnerability in GitLab CE/EE Affects Multiple Versions,"CVE-2024-11828 is a high-severity denial-of-service (DoS) vulnerability in GitLab CE/EE affecting all versions from 13.2.4 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker can trigger it by sending forged API calls, disrupting service availability. It is a regression of an earlier fix, so instances that were patched for the original issue are affected again and must update.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:41:19.000Z,true,false,false,,2024-11-26T18:41:19.280Z,0
CVE-2024-11669,https://securityvulnerability.io/vulnerability/CVE-2024-11669,Unauthorized Access to Sensitive Data Due to Overly Broad Token Scopes in GitLab CE/EE,"A security issue in GitLab CE/EE affecting multiple versions arises from an overly broad application of token scopes, which may allow a token to reach API endpoints and data beyond the scope it was issued for. The impact is on data confidentiality and integrity. Users of affected versions should upgrade and review which scopes their tokens carry.",Gitlab,Gitlab,7.5,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2024-11-26T18:41:09.488Z,0
CVE-2024-8114,https://securityvulnerability.io/vulnerability/CVE-2024-8114,Privilege Escalation Vulnerability in GitLab Products,"CVE-2024-8114 is a high-severity privilege escalation vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions from 8.12 up to, but not including, 17.4.5, as well as versions 17.5 prior to 17.5.3 and 17.6 up to 17.6.1. An attacker who obtains a user's Personal Access Token (PAT) can use it to escalate privileges beyond what the token should grant, gaining access to functionality and data in GitLab repositories. Administrators should apply the fixed releases and rotate any PAT that may have been exposed.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-11-26T18:31:10.000Z,true,false,false,,2024-11-26T18:31:10.674Z,0
CVE-2024-8177,https://securityvulnerability.io/vulnerability/CVE-2024-8177,Denial of Service Vulnerability in GitLab CE/EE - Comprehensive Overview,"CVE-2024-8177 is a high-severity denial-of-service vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions from 15.6 through 17.4.4, 17.5 through 17.5.2, and 17.6.0. An attacker can trigger it by integrating a malicious Harbor registry, causing a denial-of-service condition that interrupts availability for users. Update to the fixed releases.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:31:05.000Z,true,false,false,,2024-11-26T18:31:05.665Z,0
CVE-2024-8237,https://securityvulnerability.io/vulnerability/CVE-2024-8237,Denial of Service Vulnerability in GitLab CE/EE Products,"CVE-2024-8237 is a high-severity denial-of-service (DoS) vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions from 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1 (the same fixed releases as the other issues published in this batch). An attacker can trigger it by sending a maliciously crafted cargo.toml (Cargo package manifest) file, causing service disruption. Organizations running affected versions should update immediately.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:31:00.000Z,true,false,false,,2024-11-26T18:31:00.676Z,0
CVE-2024-9633,https://securityvulnerability.io/vulnerability/CVE-2024-9633,Incorrect Ownership Assignment in GitLab,"An incorrect ownership assignment in GitLab CE/EE allows an attacker to create a group whose name intercepts an existing unique GitLab Pages domain. Traffic intended for the legitimate Pages site can then be answered by the attacker's group, so users may unknowingly interact with malicious content presented as the legitimate site. The affected versions are 16.3 through 17.4.2, 17.5 through 17.5.4, and 17.6 through 17.6.2; upgrade to a fixed release. Further technical detail is in GitLab's issue tracker and the associated bug bounty report.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-14T14:15:00.000Z,true,false,false,,2024-11-14T14:15:00.000Z,0
CVE-2024-9693,https://securityvulnerability.io/vulnerability/CVE-2024-9693,Unauthorized Access to Kubernetes Agent in GitLab CE/EE Clusters,"A vulnerability in GitLab CE/EE could allow unauthorized access to the Kubernetes agent in clusters configured in a specific way. It affects all versions from 16.0 up to 17.3.6, 17.4 up to 17.4.3, and 17.5 up to 17.5.1. Organizations using these versions should review their agent configuration and apply the fixed releases to protect the integrity of their Kubernetes environments.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-14T11:15:00.000Z,0
CVE-2024-8970,https://securityvulnerability.io/vulnerability/CVE-2024-8970,GitLab Pipeline Attack Vulnerability Affects Multiple Versions,"A vulnerability in GitLab CE/EE lets an attacker trigger a pipeline as a different user under specific conditions. It affects all versions from 11.6 up to but not including 17.2.9, 17.3 up to but not including 17.3.5, and 17.4 up to but not including 17.4.2. Because a pipeline runs with the permissions of the user it is triggered as, this is an impersonation primitive inside CI/CD; apply the fixed releases.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-10-11T11:30:37.000Z,true,false,false,,2024-10-11T12:30:37.109Z,0
CVE-2024-9164,https://securityvulnerability.io/vulnerability/CVE-2024-9164,Arbitrary Pipeline Access Vulnerability in GitLab EE,"An issue in GitLab EE allows unauthorized execution of pipelines on arbitrary branches, bypassing the branch restrictions that would normally govern who can run them. It affects versions from 12.5 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2. Exploitation can lead to unapproved modifications and operations within projects, compromising the integrity of the software delivery pipeline. Immediate upgrade to a fixed release is strongly recommended.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,true,false,true,2024-10-11T10:30:42.000Z,true,true,false,,2024-10-11T11:30:42.233Z,5601
CVE-2024-8977,https://securityvulnerability.io/vulnerability/CVE-2024-8977,GitLab EE Vulnerable to SSRF Attacks,"A vulnerability in GitLab EE affects specific versions when the Product Analytics Dashboard is enabled, exposing the instance to Server-Side Request Forgery (SSRF). An attacker can make the server issue requests to internal systems, leading to unauthorized access or data leakage. Exposure depends on that feature being enabled; all affected versions should be updated.",Gitlab,Gitlab,8.1,HIGH,0.0006799999973736703,false,,false,false,true,2024-10-10T09:02:10.000Z,true,false,false,,2024-10-10T10:02:10.914Z,0
CVE-2023-3441,https://securityvulnerability.io/vulnerability/CVE-2023-3441,Insufficient Warning on Merge Rights for Protected Branches,"GitLab EE/CE versions from 8.0 to 16.4 do not sufficiently warn users about the security implications of granting merge rights on protected branches. Granting these rights too broadly can expose repositories to unauthorized changes, so teams should review who holds merge rights on protected branches and confirm that branch protection settings enforce the intended access controls.",Gitlab,Gitlab,9.1,CRITICAL,0.0009599999757483602,false,,false,false,true,2024-10-01T08:47:16.000Z,true,false,false,,2024-10-01T09:47:16.444Z,0
CVE-2024-8641,https://securityvulnerability.io/vulnerability/CVE-2024-8641,Privilege Context Switching Error in GitLab,"A security issue in GitLab CE and EE allows an attacker with access to a victim's CI_JOB_TOKEN to retrieve the victim's GitLab session token, that is, to move from a short-lived job credential to the victim's interactive session. It affects all versions from 13.7 before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2. The issue is addressed by the security patches in those releases.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-09-12T18:15:00.000Z,true,false,false,,2024-09-12T19:15:00.000Z,0
CVE-2024-6678,https://securityvulnerability.io/vulnerability/CVE-2024-6678,Pipeline Execution as an Arbitrary User in GitLab CE/EE,"A security issue in GitLab CE and EE allows an attacker to trigger a pipeline as an arbitrary user under specific conditions. It affects all versions from 8.14 up to 17.1.7, from 17.2 up to 17.2.5, and from 17.3 up to 17.3.2. The flaw is a permission-handling weakness that can lead to unauthorized actions within the GitLab environment.",Gitlab,Gitlab,8.8,HIGH,0.0009500000160187483,false,,true,false,true,2024-09-12T17:26:33.000Z,true,false,false,,2024-09-12T18:26:33.060Z,0
CVE-2024-2743,https://securityvulnerability.io/vulnerability/CVE-2024-2743,Incorrect Authorization in GitLab,"A vulnerability in GitLab EE affects versions from 13.3 up to 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. It allows an attacker to alter on-demand DAST scans without the appropriate permissions, which can expose sensitive variables used by those scans. Upgrade to a fixed release.",Gitlab,Gitlab,9.1,CRITICAL,0.0012600000482052565,false,,false,false,true,2024-09-12T16:15:00.000Z,true,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-8754,https://securityvulnerability.io/vulnerability/CVE-2024-8754,Improper Input Validation in GitLab EE/CE Affects Multiple Versions,"A vulnerability in GitLab EE/CE stems from improper input validation when JWT authentication is configured, allowing an attacker to link arbitrary unclaimed provider identities to existing accounts. The flaw affects multiple versions; upgrade to a fixed release to prevent account squatting and the unauthorized access to sensitive data that follows from it.",Gitlab,Gitlab,8.1,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-8640,https://securityvulnerability.io/vulnerability/CVE-2024-8640,Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab,"An issue in GitLab EE affects versions from 16.11 to 17.1.7, 17.2 to 17.2.5, and 17.3 to 17.3.2. Incomplete input filtering allows an attacker to inject malicious commands into a connected Cube server, enabling unauthorized command execution that could lead to further compromise of the affected system.",Gitlab,Gitlab,8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-12T16:15:00.000Z,true,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-8124,https://securityvulnerability.io/vulnerability/CVE-2024-8124,Inefficient Regular Expression Complexity in GitLab,"A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) across multiple versions stems from inefficient regular expression complexity in the handling of specific POST requests (ReDoS). A crafted request can consume excessive CPU and leave the instance unresponsive, causing a denial of service. Affected versions should be updated promptly. For technical details and exploit scenarios, refer to GitLab Issue #480533 and HackerOne Bug Bounty Report #2634880.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-09-12T16:15:00.000Z,true,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-4660,https://securityvulnerability.io/vulnerability/CVE-2024-4660,Missing Authorization in GitLab,"An issue in GitLab EE allows guests to access the source code of private projects by leveraging group templates. It affects all versions from 11.2 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. The Guest role is not supposed to see a private project's repository, so this is an access-control bypass that breaks project confidentiality in collaborative environments.",Gitlab,Gitlab,7.5,HIGH,0.0012100000167265534,false,,false,false,true,2024-09-12T16:15:00.000Z,true,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-8631,https://securityvulnerability.io/vulnerability/CVE-2024-8631,Privilege Defined With Unsafe Actions in GitLab,"A privilege escalation vulnerability in GitLab EE allows users assigned the Admin Group Member custom role to escalate their privileges to those of other custom roles. It affects all versions from 16.6 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Instances using custom roles should upgrade and review which users hold the Admin Group Member role.",Gitlab,Gitlab,7.2,HIGH,0.0006799999973736703,false,,false,false,true,2024-09-12T16:15:00.000Z,true,false,false,,2024-09-12T17:15:00.000Z,0
CVE-2024-2800,https://securityvulnerability.io/vulnerability/CVE-2024-2800,ReDoS in GitLab RefMatcher Wildcard Branch Matching,"A ReDoS flaw in GitLab's RefMatcher occurs when matching branch names against wildcard patterns. It affects multiple versions of GitLab EE and CE: excessive regex backtracking lets an attacker degrade performance or cause service disruption, impacting users' ability to work with the instance. Organizations running affected versions should prioritize upgrading.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-08-08T09:31:37.000Z,true,false,false,,2024-08-08T10:31:37.860Z,0
CVE-2024-3035,https://securityvulnerability.io/vulnerability/CVE-2024-3035,GitLab Permission Check Vulnerability Affects User Repositories,"A permission-check flaw in GitLab CE and EE affects all versions from 8.12 up to, but not including, 17.0.6, as well as 17.1 prior to 17.1.4 and 17.2 prior to 17.2.2. It allows LFS tokens, which are meant only for Git LFS object transfer, to gain read and write access to user-owned repositories, so a holder of such a token can read sensitive data and modify repository contents without proper authorization. Users on these versions should upgrade without delay.",Gitlab,Gitlab,8.1,HIGH,0.0006799999973736703,false,,false,false,true,2024-08-08T09:31:32.000Z,true,false,false,,2024-08-08T10:31:32.879Z,0
CVE-2024-6329,https://securityvulnerability.io/vulnerability/CVE-2024-6329,Diff Rendering Failure in GitLab CE/EE,"A vulnerability in GitLab CE/EE affects versions from 8.16 up to 17.0.6, 17.1 up to 17.1.4, and 17.2 up to 17.2.2. The web interface fails to render diffs correctly because of improper handling of encoded paths, so a change may not be visible to reviewers, leading to confusion or mistakes in development workflows. For further detail, refer to the [GitLab Issue #468937](https://gitlab.com/gitlab-org/gitlab/-/issues/468937) and the [HackerOne Bug Bounty Report #2542483](https://hackerone.com/reports/2542483).",Gitlab,Gitlab,7.5,HIGH,0.0004799999878741801,false,,false,false,true,2024-08-08T09:02:09.000Z,true,false,false,,2024-08-08T10:02:09.817Z,0
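Most of the descriptions above express exposure as several "from A prior to B" clauses, one per GitLab backport stream, and the non-obvious part for triage is that 17.2.0 is affected by CVE-2024-8641 even though it is numerically newer than the fixed 17.1.7. The following Python is an added example, not part of the dataset or of GitLab's tooling: it parses that clause phrasing out of a description ("prior to", "before", "up to", "up to, but not including," and "leading up to" are all read as an exclusive upper bound; the inclusive "through" phrasing used in the CVE-2024-8177 row is deliberately not handled), compares dotted versions as padded integer tuples, and reads the table with the standard csv module, which copes with the quoted multi-line description fields. The function names and the two-row SAMPLE_CSV (constructed from the CVE-2024-8641 and CVE-2024-8114 rows) are this example's own.

```python
"""Check a GitLab instance version against affected-version ranges written in
CVE description text. Added example; assumptions: a clause "<A> <kw> <B>" with
kw in {prior to, before, up to, up to but not including, leading up to} means
the half-open interval [A, B). Inclusive "through" phrasing is not parsed."""
import csv
import io
import re
from typing import List, Tuple

Version = Tuple[int, ...]
Range = Tuple[Version, Version]

# One clause: lower-bound version, keyword, fixed (upper-bound) version.
_RANGE_RE = re.compile(
    r"(\d+(?:\.\d+)*)\s+"
    r"(?:prior to|before|(?:leading )?up to(?:,?\s*but not including,?)?)\s+"
    r"(\d+(?:\.\d+)*)"
)


def parse_version(text: str) -> Version:
    """'17.2.5' -> (17, 2, 5); non-numeric components raise ValueError."""
    return tuple(int(part) for part in text.split("."))


def _pad(v: Version, width: int) -> Version:
    """Right-pad with zeros so '17.2' compares as 17.2.0 against '17.2.5'."""
    return v + (0,) * (width - len(v))


def extract_ranges(description: str) -> List[Range]:
    """All [lower, upper) ranges found in a description string, in order."""
    return [(parse_version(lo), parse_version(hi))
            for lo, hi in _RANGE_RE.findall(description)]


def is_affected(version: str, ranges: List[Range]) -> bool:
    """True if `version` falls inside any half-open range [lower, upper)."""
    v = parse_version(version)
    for lo, hi in ranges:
        width = max(len(v), len(lo), len(hi))
        if _pad(lo, width) <= _pad(v, width) < _pad(hi, width):
            return True
    return False


# Constructed sample: the header plus two rows of the table. The first
# description keeps a newline inside its quoted field, which is valid CSV and
# is why rows like it wrap across lines on the page; csv handles it as long as
# the quoting is intact.
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8641,https://securityvulnerability.io/vulnerability/CVE-2024-8641,Privilege Context Switching Error in GitLab,"A security issue in GitLab CE and EE has been identified, where an attacker with access to a victim's CI_JOB_TOKEN could potentially retrieve the GitLab session token belonging to the victim. This vulnerability affects all versions from 13.7 before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2.
The issue is addressed by the security patches in those releases.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-09-12T18:15:00.000Z,true,false,false,,2024-09-12T19:15:00.000Z,0
CVE-2024-8114,https://securityvulnerability.io/vulnerability/CVE-2024-8114,Privilege Escalation Vulnerability in GitLab Products,"CVE-2024-8114 is a high-severity privilege escalation vulnerability in GitLab CE and EE. It affects all versions from 8.12 up to, but not including, 17.4.5, as well as versions 17.5 prior to 17.5.3 and 17.6 up to 17.6.1.",Gitlab,Gitlab,8.8,HIGH,0.0006799999973736703,false,,false,false,true,2024-11-26T18:31:10.000Z,true,false,false,,2024-11-26T18:31:10.674Z,0
"""


def load_rows(csv_text: str) -> List[dict]:
    """Parse the table with the stdlib reader, multi-line quoted fields included."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def exposure_report(version: str, rows: List[dict]) -> List[str]:
    """CVE ids whose parsed ranges contain `version`, highest score first."""
    hits = [r for r in rows
            if is_affected(version, extract_ranges(r["description"]))]
    hits.sort(key=lambda r: float(r["score"]), reverse=True)
    return [r["cve"] for r in hits]


if __name__ == "__main__":
    table = load_rows(SAMPLE_CSV)
    for v in ("17.1.6", "17.1.7", "17.2.0", "17.4.4", "17.6.1"):
        print(v, exposure_report(v, table))
```

Ranges the regex cannot parse simply do not appear in the result, so a row that yields an empty range list should be entered by hand rather than treated as not affected; that is the conservative failure mode a triage script wants.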