cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1539,https://securityvulnerability.io/vulnerability/CVE-2024-1539,API Update Disclosure Vulnerability in GitLab EE,"A vulnerability has been identified in GitLab EE, allowing a banned group member to access updates to issues through the API. This issue affects multiple versions, including releases from 15.2 to 16.9.7, 16.10 to 16.10.5, and 16.11 to 16.11.2. The flaw compromises the intended permissions model, potentially exposing sensitive data to unauthorized users.",Gitlab,Gitlab,4.3,MEDIUM,0.01,false,,false,false,true,2025-02-05T09:46:46.000Z,true,false,false,,2025-02-05T09:46:46.182Z,0
CVE-2023-6386,https://securityvulnerability.io/vulnerability/CVE-2023-6386,Denial of Service Vulnerability in GitLab CE/EE Products,"A denial of service vulnerability exists in GitLab CE/EE that impacts several versions, allowing attackers to significantly increase resource usage on the GitLab instance. This spike can lead to service degradation, affecting accessibility and reliability. Administrators are encouraged to review their systems and apply necessary updates to mitigate this risk.",Gitlab,Gitlab,6.5,MEDIUM,0.01,false,,false,false,true,2025-02-05T09:31:10.000Z,true,false,false,,2025-02-05T09:31:10.106Z,0
CVE-2024-1211,https://securityvulnerability.io/vulnerability/CVE-2024-1211,Cross-Site Request Forgery Vulnerability in GitLab CE/EE by GitLab,"A vulnerability has been identified in GitLab CE/EE that results in potential cross-site request forgery (CSRF) risks for instances utilizing JWT as an OmniAuth provider. This flaw affects multiple versions of GitLab, opening avenues for unauthorized command execution if exploited. Organizations using vulnerable versions should assess their configurations and implement necessary updates to mitigate potential attacks.",Gitlab,Gitlab,6.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T00:15:00.000Z,true,false,false,,2025-01-31T00:15:00.000Z,0
CVE-2023-6195,https://securityvulnerability.io/vulnerability/CVE-2023-6195,Server Side Request Forgery Vulnerability in GitLab CE/EE,"A Server Side Request Forgery vulnerability was identified in GitLab CE/EE, which affects a range of versions. An attacker can exploit this vulnerability by using a malicious URL in the markdown image value while importing a GitHub repository. This could potentially allow unauthorized access to internal services, making it crucial for users to update to the latest versions to mitigate this risk.",Gitlab,Gitlab,2.6,LOW,0.0004299999854993075,false,,false,false,true,2025-01-31T00:15:00.000Z,true,false,false,,2025-01-31T00:15:00.000Z,0
CVE-2025-0290,https://securityvulnerability.io/vulnerability/CVE-2025-0290,Unresponsive Background Jobs in GitLab CE/EE Versions,"A flaw has been identified in GitLab CE/EE that affects all versions starting from 15.0 before 17.5.5, from 17.6 before 17.6.3, and from 17.7 before 17.7.1. This vulnerability can lead to situations where the processing of CI artifacts metadata results in background jobs failing to respond, which may disrupt continuous integration processes. It is essential for organizations using affected versions to assess their systems and implement necessary updates to maintain operational efficiency.",Gitlab,Gitlab,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T08:45:09.560Z,0
CVE-2024-11931,https://securityvulnerability.io/vulnerability/CVE-2024-11931,GitLab CE/EE Developer Role Vulnerability,"A security issue has been identified in GitLab CE/EE that could potentially allow users with a developer role to extract sensitive protected CI variables through the CI lint feature. This vulnerability affects multiple versions of the software, specifically from 17.0 up to 17.6.4, from 17.7 up to 17.7.3, and from 17.8 up to 17.8.1. It highlights a significant risk for projects that rely on the confidentiality of their CI settings, emphasizing the need for immediate action to secure these variables against unauthorized access. The issue has raised concerns within the community, prompting discussions about optimal permission settings and the safeguarding of sensitive data.",Gitlab,Gitlab,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-24T03:02:16.074Z,0
CVE-2025-0314,https://securityvulnerability.io/vulnerability/CVE-2025-0314,Cross-Site Scripting Vulnerability in GitLab CE/EE,"A cross-site scripting vulnerability was identified in GitLab CE/EE that impacts a range of versions. The flaw arises from improper rendering of certain file types, potentially allowing attackers to execute scripts in the context of a user's browser. This could lead to unauthorized actions on behalf of the user, compromising sensitive information or system integrity. Users are advised to review their systems and apply the necessary updates to mitigate any risks associated with this vulnerability.",Gitlab,Gitlab,8.7,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-24T02:30:44.000Z,true,false,false,,2025-01-24T02:30:44.273Z,34
CVE-2024-13041,https://securityvulnerability.io/vulnerability/CVE-2024-13041,SAML Configuration Flaw in GitLab CE/EE Leading to Unauthorized Access,"A vulnerability exists in GitLab CE/EE that affects all versions starting from 16.4 prior to 17.5.5, 17.6 prior to 17.6.3, and 17.7 prior to 17.7.1. This flaw occurs when users are created through a SAML provider, where the 'external groups' setting may override the intended external provider configuration. Consequently, users may not be designated as external, inadvertently granting them access to internal projects and groups, thus compromising access controls.",Gitlab,Gitlab,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T06:33:13.241Z,0
CVE-2024-6324,https://securityvulnerability.io/vulnerability/CVE-2024-6324,Denial of Service Vulnerability in GitLab CE/EE by GitLab,"A Denial of Service vulnerability was identified in GitLab CE/EE that could allow attackers to create cyclic references between epics, leading to resource exhaustion and potential service disruption. This issue affects all versions from 15.7 to 17.5.5, 17.6 from its release to 17.6.3, and 17.7 up until 17.7.1. Proper handling of epics is crucial to prevent this vulnerability from being exploited.",Gitlab,Gitlab,4.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-09T06:02:46.000Z,true,false,false,,2025-01-09T06:02:46.213Z,0
CVE-2024-12431,https://securityvulnerability.io/vulnerability/CVE-2024-12431,Unauthorized Issue Status Manipulation in GitLab CE/EE Products,"A vulnerability exists in GitLab CE/EE that enables unauthorized users to alter the status of issues in public projects. This flaw affects all versions from 15.5 prior to 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1. Exploitation could lead to confusion and mismanagement in project workflows, as users not authenticated to the system could manipulate issue tracking features in ways not intended by project owners.",GitLab,,,,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-08T21:15:00.000Z,0
CVE-2025-0194,https://securityvulnerability.io/vulnerability/CVE-2025-0194,Access Token Logging Vulnerability in GitLab CE/EE,"A vulnerability has been identified in GitLab CE/EE that affects several versions. Specifically, when certain conditions are met, access tokens may inadvertently be logged during API requests. This exposure occurs in GitLab versions starting from 17.4 to just before 17.5.1, versions from 17.6 up to 17.6.1, and from 17.7 up to 17.7.1. Users are encouraged to review their API request handling and update to the latest versions to mitigate potential risks.",Gitlab,Gitlab,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T20:15:00.000Z,0
CVE-2023-5117,https://securityvulnerability.io/vulnerability/CVE-2023-5117,Unauthorized File Access Vulnerability in GitLab Products,"An unauthorized access vulnerability was discovered in GitLab CE/EE versions before 17.6.0, which affects how files are handled in confidential issues and epics of public projects. Users may inadvertently expose sensitive files uploaded to comments due to the possibility of accessing these files through a direct link, without authentication. This issue raises significant privacy and data security concerns for users, particularly in collaborative environments where confidentiality is paramount. Users are urged to update to the latest version to mitigate potential risks.",Gitlab,Gitlab,3.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-25T14:46:47.927Z,0
CVE-2024-8116,https://securityvulnerability.io/vulnerability/CVE-2024-8116,Unauthorized Data Exposure Vulnerability in GitLab,"CVE-2024-8116 is a high-risk vulnerability affecting GitLab CE/EE across several versions, allowing unauthorized users to exploit a specific GraphQL query. If successfully executed, this vulnerability enables attackers to retrieve sensitive branch names from the GitLab repository under certain conditions, potentially leading to data leakage. The issue has been identified in versions prior to 17.4.6, 17.5.4, and 17.6.2, and it highlights significant implications for access controls and data privacy within affected instances of GitLab.",Gitlab,Gitlab,5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-16T04:31:08.000Z,true,false,false,,2024-12-16T04:31:08.730Z,0
CVE-2024-8650,https://securityvulnerability.io/vulnerability/CVE-2024-8650,Access Control Vulnerability in GitLab CE/EE Revealed,"CVE-2024-8650 is a high-risk access control vulnerability present in GitLab CE/EE, affecting versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. This vulnerability allows unauthorized non-member users to view unresolved threads marked as internal notes in public project merge requests. Such exposure could lead to the unintentional disclosure of sensitive information intended only for internal team members, which poses significant security risks. It is imperative for GitLab users to apply the necessary updates to protect against this vulnerability.",Gitlab,Gitlab,5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-16T04:30:58.000Z,true,false,false,,2024-12-16T04:30:58.662Z,0
CVE-2024-8647,https://securityvulnerability.io/vulnerability/CVE-2024-8647,GitLab Anti-CSRF Token Leak Vulnerability,"A security issue exists in GitLab that affects a range of versions where the Harbor integration feature is enabled. Under certain conditions, it is possible for the anti-CSRF token to be inadvertently exposed to an external site. This token is integral in protecting web applications from cross-site request forgery attacks. The affected versions span from 15.2 to 17.4.6, and include 17.5 prior to version 17.5.4, and 17.6 before version 17.6.2. Organizations running self-hosted installations of GitLab should take immediate steps to review their configurations and update their systems to mitigate potential risks. Awareness and proactive management are essential to prevent exploitation of this vulnerability.",GitLab,,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-8179,https://securityvulnerability.io/vulnerability/CVE-2024-8179,GitLab CE/EE Vulnerability: XSS Through Improper Output Encoding,"An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.",GitLab,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-9387,https://securityvulnerability.io/vulnerability/CVE-2024-9387,Open Redirect Vulnerability in GitLab CE/EE,"CVE-2024-9387 is a security vulnerability found in GitLab Community Edition (CE) and Enterprise Edition (EE) that affects multiple versions from 11.8 through 17.4.6, 17.5 through 17.5.4, and 17.6 through 17.6.2. This vulnerability allows an attacker to exploit an open redirect condition in the releases API endpoint. By manipulating this endpoint, the attacker can redirect users to unauthorized external sites. The flaw has significant implications for API security, necessitating urgent attention from users of the affected GitLab versions.",Gitlab,Gitlab,6.4,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-8233,https://securityvulnerability.io/vulnerability/CVE-2024-8233,GitLab Experiences Denial of Service Vulnerability,"A denial of service vulnerability has been identified in GitLab Community Edition and Enterprise Edition, impacting all versions from 9.4 up to but not including 17.4.6, 17.5 up to but not including 17.5.4, and 17.6 up to but not including 17.6.2. An attacker may exploit this vulnerability by sending specially crafted requests for diff files associated with a commit or merge request, leading to potential service interruptions and unavailability for the affected GitLab instances. Mitigation strategies should be implemented promptly to reduce the risk of exploitation.",GitLab,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-11274,https://securityvulnerability.io/vulnerability/CVE-2024-11274,Session Data Exfiltration Vulnerability in GitLab CE/EE Affecting Multiple Versions,"A vulnerability exists in GitLab CE/EE that allows an injection of Network Error Logging (NEL) headers in Kubernetes proxy responses. This could potentially enable an attacker to exfiltrate sensitive session data. The issue affects multiple versions of GitLab, spanning from 16.1 to earlier versions of 17.6. Organizations utilizing these versions should be aware of the risk involved with the interaction of NEL headers in their configurations and take appropriate measures to mitigate potential exposure.",Gitlab,Gitlab,8.7,HIGH,0.0006099999882280827,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-9367,https://securityvulnerability.io/vulnerability/CVE-2024-9367,Uncontrolled CPU Consumption Vulnerability in GitLab CE/EE Could Lead to Denial of Service,"A vulnerability has been identified in GitLab CE/EE that affects versions 13.9 through to 17.4.6, 17.5 prior to 17.5.4, and 17.6 before 17.6.2. This vulnerability allows attackers to exploit the template parsing functionality, leading to uncontrolled CPU consumption. As a result, this may trigger a Denial of Service condition, severely impacting the availability of the service. Administrators are advised to review their systems for these specific versions and implement necessary updates or mitigations to prevent exploitation.",GitLab,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-10043,https://securityvulnerability.io/vulnerability/CVE-2024-10043,Information Disclosure Vulnerability in GitLab EE,"CVE-2024-10043 is a security vulnerability in GitLab EE that affects various versions, allowing group users to view sensitive incident titles through the Wiki History Diff feature. This flaw poses a significant risk of information disclosure, enabling unauthorized access to confidential data that could compromise project security and user privacy. It impacts all versions from 14.3 prior to 17.4.6, and includes a range of subsequent releases up to 17.6.2. Users are urged to apply the latest security updates to mitigate this risk.",Gitlab,Gitlab,3.1,LOW,0.0004299999854993075,false,,false,false,true,2024-12-12T12:15:00.000Z,true,false,false,,2024-12-12T12:15:00.000Z,0
CVE-2024-12570,https://securityvulnerability.io/vulnerability/CVE-2024-12570,Token Leakage Vulnerability in GitLab CE/EE,"CVE-2024-12570 is a high-risk vulnerability identified in GitLab CE/EE, compromising user session integrity. The flaw enables an attacker to exploit the CI_JOB_TOKEN of a victim to gain unauthorized access to their GitLab session token. This issue affects multiple versions of GitLab from version 13.7 up to 17.4.6, as well as versions 17.5 prior to 17.5.4 and 17.6 prior to 17.6.2. Organizations using these versions should prioritize patching to prevent potential exploitation.",Gitlab,Gitlab,6.7,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-12-12T11:30:44.000Z,true,false,false,,2024-12-12T11:30:44.818Z,0
CVE-2024-12292,https://securityvulnerability.io/vulnerability/CVE-2024-12292,Sensitive Information Retention in GitLab GraphQL Logs,"A vulnerability in GitLab CE/EE has been identified that affects various versions. This issue arises when sensitive information transmitted in GraphQL mutations is inadvertently logged within GraphQL logs. As a result, this can lead to the unintended exposure of sensitive data, raising privacy and security concerns for users. Affected versions include GitLab CE/EE from 11.0 up to 17.4.6, as well as 17.5 prior to 17.5.4 and 17.6 prior to 17.6.2. Mitigation strategies should focus on ensuring that sensitive data is adequately protected and not retained in log files.",Gitlab,Gitlab,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T11:30:39.823Z,0
CVE-2024-10240,https://securityvulnerability.io/vulnerability/CVE-2024-10240,Unauthenticated user may read private project MR information,"An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, and all versions starting from 17.5 before 17.5.2, in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.",Gitlab,Gitlab,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-26T19:22:52.689Z,0
CVE-2024-11828,https://securityvulnerability.io/vulnerability/CVE-2024-11828,Denial of Service Vulnerability in GitLab CE/EE Affects Multiple Versions,"CVE-2024-11828 is a high-risk denial of service (DoS) vulnerability identified in GitLab CE/EE. This issue affects all versions from 13.2.4 prior to 17.4.5, from 17.5 before 17.5.3, and from 17.6 before 17.6.1. An attacker can exploit this vulnerability by sending forged API calls, leading to a potential DoS condition that can disrupt services and impact availability. This vulnerability represents a regression of a prior patch, making it crucial for users to update their systems to mitigate possible exploitation.",Gitlab,Gitlab,7.5,HIGH,0.0004600000102072954,false,,false,false,true,2024-11-26T18:41:19.000Z,true,false,false,,2024-11-26T18:41:19.280Z,0