gitlab-org/gitlab-pages

gitlab-org/gitlab-pages

Releases594

Frequency6 days 8 hours

Last Release 14 days ago

Stars140

GitLab Pages daemon used to serve static websites for GitLab users

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-14942 ↗	Apr 16, 2023Sunday, 16 April 2023, 00:15	5.9 MEDIUM	—
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
CVE-2023-0042 ↗	Jan 12, 2023Thursday, 12 January 2023, 04:15	6.1 MEDIUM	—
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2022-1121 ↗	Apr 4, 2022Monday, 4 April 2022, 20:15	5.3 MEDIUM	5 MEDIUM
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
CVE-2021-22171 ↗	Jan 15, 2021Friday, 15 January 2021, 16:15	7.3 HIGH	4.3 MEDIUM
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2018-19572 ↗	Jul 10, 2019Wednesday, 10 July 2019, 16:15	—	4.3 MEDIUM
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.