Releases: 169
Release frequency: 2 weeks 1 day
Last Release
Full NodeJS implementation of the GitLab API. Supports Promises, Async/Await.

CVE History

CVE | Affected | Published | CVSS v3 | CVSS v2
Affected: >= 17.11.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protected Maven package metadata due to incorrect authorization checks.

Affected: >= 13.6.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the Package Registry disabled due to incorrect authorization checks in the group packages feature.

Affected: >= 9.3.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 4.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.

Affected: >= 18.6.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without authorization.

Affected: >= 17.5.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks.

Affected: >= 18.6.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 3.1 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization checks.

Affected: >= 14.8.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.

Affected: >= 8.3.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation.

Affected: = 19.1.0 | CVSS: 8.6 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

Affected: >= 13.11.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 5.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

Affected: >= 18.10.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation.

Affected: >= 16.4.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session, due to improper sanitization of user-supplied input.

Affected: >= 17.9.0, < 18.11.6, >= 19.0.0, < 19.0.3, = 19.1.0 | CVSS: 3.8 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configurations despite CI/CD visibility being disabled for the project.

Affected: >= 15.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 2.6 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template processing.

Affected: >= 12.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request parsing middleware.

Affected: >= 15.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 3.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to improper input handling of file names.

Affected: >= 13.1.4, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 7.3 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.

Affected: >= 15.5.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.

Affected: >= 18.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs.

Affected: >= 13.9.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even when the relevant feature was in a disabled state, due to incorrect authorization enforcement.

Affected: >= 15.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect authorization enforcements.

Affected: >= 17.10.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing a specially crafted file upload.

Affected: >= 12.0.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 3.1 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks.

Affected: >= 17.0.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization.

Affected: >= 17.1.0, < 18.10.8, >= 18.11.0, < 18.11.5, >= 19.0.0, < 19.0.2 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.

Affected: >= 18.9.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization enforcement.

Affected: >= 12.7.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended.

Affected: >= 18.8.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 8.2 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to improper user identity resolution when triggering Duo AI workflow runners.

Affected: >= 18.2.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.

Affected: >= 18.7.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions under certain conditions.

Affected: >= 11.5.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to improper authorization checks.

Affected: >= 17.1.0, < 18.10.7, >= 18.11.0, < 18.11.4, = 19.0.0 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation.

Affected: >= 8.3.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation.

Affected: >= 15.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 2.6 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records.

Affected: >= 15.1.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks.

Affected: >= 16.4.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.

Affected: >= 18.8.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 3.5 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation.

Affected: >= 18.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

Affected: >= 18.11.0, < 18.11.3 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization.

Affected: >= 18.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.

Affected: >= 11.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests due to improper access control.

Affected: >= 11.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection.

Affected: >= 18.9.1, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks.

Affected: >= 16.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control.

Affected: >= 18.3.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control.

Affected: >= 17.6.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to improper authorization checks.

Affected: >= 13.7.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 5.8 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified.

Affected: >= 17.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization checks.

Affected: >= 11.9.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation.

Affected: >= 9.0.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation.

Affected: >= 16.0.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 6.8 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to improper authorization.

Affected: >= 16.10.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 2.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete project approval rules due to missing authorization checks.

Affected: >= 18.5.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints.

Affected: >= 15.1.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access.

Affected: >= 18.5.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation.

Affected: >= 15.11.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitization.

Affected: >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.

Affected: >= 17.0.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 8.1 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.

Affected: >= 18.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.

Affected: >= 16.1.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input validation.

Affected: = 18.11.0 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.

Affected: = 18.11.0 | CVSS: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

Affected: >= 12.4.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resource allocation limits in the GraphQL API.

Affected: >= 12.3.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.

Affected: >= 9.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain conditions.

Affected: >= 11.2.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 2.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks.

Affected: >= 10.6.0, < 18.9.6, >= 18.10.0, < 18.10.4, = 18.11.0 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint.

Affected: >= 16.9.6, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 8.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

Affected: >= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 2.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.

Affected: >= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

Affected: >= 18.6.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization.

Affected: >= 11.3.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.

Affected: >= 18.2.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.

Affected: >= 18.2, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 6.5 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

Affected: >= 16.6.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.

Affected: >= 12.10.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

Affected: >= 18.0.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 5.7 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

Affected: >= 13.0.0, < 18.8.9, >= 18.9.0, < 18.9.5, >= 18.10.0, < 18.10.3 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Affected: >= 14.3.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 8.1 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.

Affected: >= 18.5.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.

Affected: >= 17.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 8.1 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.

Affected: >= 15.4.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 7.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.

Affected: >= 17.7.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.

Affected: >= 7.11.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS: 6.8 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.

Affected: >= 11.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations.

Affected: >= 18.5.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 6.8 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.

Affected: >= 13.7.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.

Affected: >= 18.6.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with the Planner role to view security category metadata and attributes in group security configuration due to improper access control.

Affected: >= 16.10.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.

Affected: >= 18.1.0, < 18.8.7, >= 18.9.0, < 18.9.3, = 18.10.0 | CVSS v3: 3.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.

Affected: >= 8.14.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue titles created in public projects under certain circumstances.

Affected: >= 15.1.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD disabled due to improper authorization checks.

Affected: >= 8.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input validation in import functionality.

Affected: >= 12.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances.

Affected: >= 15.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances.

Affected: >= 1.0.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.1 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances.

Affected: >= 14.4.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances.

Affected: >= 18.9.0, < 18.9.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

Affected: >= 10.6.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 8.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

Affected: >= 10.0.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions.

Affected: >= 16.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API.

Affected: >= 16.11.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under certain conditions.

Affected: >= 9.3.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.

Affected: >= 18.2.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions.

Affected: >= 15.5.0, < 18.7.6, >= 18.8.0, < 18.8.6, >= 18.9.0, < 18.9.2 | CVSS v3: 2.2 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

Affected: >= 11.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.

Affected: >= 14.4.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint.

Affected: >= 17.11.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.

Affected: = 18.9.0 | CVSS v3: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.

Affected: >= 16.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI.

Affected: >= 9.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions.

Affected: >= 12.2.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.

Affected: >= 9.0.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI triggers via the API.

Affected: >= 17.7.0, < 18.7.5, >= 18.8.0, < 18.8.5, = 18.9.0 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.

Affected: >= 18.6.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles.

Affected: >= 8.0.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.

Affected: >= 16.7.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.

Affected: >= 18.8.0, < 18.8.4 | CVSS v3: 4.6 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

Affected: >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.

Affected: >= 15.6.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQL.

Affected: >= 18.4.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits.

Affected: >= 18.6.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 3.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint.

Affected: >= 10.8.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Affected: >= 18.2.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.

Affected: >= 13.9.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 7.3 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles.

Affected: >= 17.11.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API.

Affected: >= 18.0.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.

Affected: >= 17.1.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 7.3 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow.

Affected: >= 18.0.0, < 18.6.6, >= 18.7.0, < 18.7.4, >= 18.8.0, < 18.8.4 | CVSS v3: 5.4 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.

Affected: >= 16.8.0, < 18.5.0 | CVSS v3: 3.1 LOW

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.

Affected: >= 12.3.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 | CVSS v3: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests.

Affected: >= 18.6.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 | CVSS v3: 7.4 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

Affected: >= 17.7.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

Affected: >= 11.9.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.

Affected: >= 17.1.0, < 18.6.4, >= 18.7.0, < 18.7.2, >= 18.8.0, < 18.8.2 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection.

Affected: >= 15.10.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 7.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

Affected: >= 18.2.2, < 18.5.5, >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 8.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

Affected: >= 10.3.0, < 18.5.5, >= 18.6.0, < 18.6.3, >= 18.7.0, < 18.7.1 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.

Affected: >= 18.4.0, < 18.5.5, >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 7.1 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.

Affected: >= 18.5.0, < 18.5.5, >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.

Affected: >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.

Affected: >= 8.3.0, < 18.5.5, >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls.

Affected: >= 15.4.0, < 18.5.5, >= 18.6.0, < 18.6.3, = 18.7.0 | CVSS v3: 5.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations.

Affected: >= 15.6.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles.

Affected: >= 15.11.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 8 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI.

Affected: >= 17.1.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 7.7 HIGH

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.

Affected: >= 11.10.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images.

Affected: >= 13.1.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 6.8 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.

Affected: >= 13.2.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.

Affected: >= 17.5.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access to through API requests.

Affected: >= 6.3.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters.

Affected: >= 18.4.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 8.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.

Affected: >= 11.10.0, < 18.4.6, >= 18.5.0, < 18.5.4, >= 18.6.0, < 18.6.2 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits.

Affected: >= 18.4.0, < 18.4.5, >= 18.5.0, < 18.5.3, >= 18.6.0, < 18.6.1 | CVSS v3: 7.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

Affected: >= 13.7.0, < 18.4.5, >= 18.5.0, < 18.5.3, = 18.6.0 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.

Affected: >= 8.3.0, < 18.4.5, >= 18.5.0, < 18.5.3, = 18.6.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing.

Affected: >= 13.2.0, < 18.4.5, >= 18.5.0, < 18.5.3, = 18.6.0 | CVSS v3: 2 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions.

Affected: >= 18.3.0, < 18.4.5, >= 18.5.0, < 18.5.3, = 18.6.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.

Affected: >= 17.10.0, < 18.4.5, >= 18.5.0, < 18.5.3, = 18.6.0 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads.

Affected: >= 13.7.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 | CVSS v3: 5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.

Affected: >= 16.9.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formatting patterns.

Affected: >= 17.9.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 3.1 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by authenticating through OAuth providers.

Affected: >= 13.2.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even when repository access was disabled.

Affected: >= 17.9.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 3.5 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.

Affected: >= 17.6.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests.

Affected: >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 3.1 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses.

Affected: >= 16.7.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections.

Affected: >= 18.1.0, < 18.3.6, >= 18.4.0, < 18.4.4, >= 18.5.0, < 18.5.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.

Affected: >= 17.1.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | CVSS v3: 8.5 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.

Affected: >= 18.4.0, < 18.4.3, = 18.5.0 | CVSS v3: 2.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.

Affected: >= 11.7.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | CVSS v3: 6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.

Affected: >= 11.0.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | CVSS v3: 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.

Affected: >= 17.6.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | CVSS v3: 3.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.

>= 10.6.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | 6.5 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.

>= 17.10.0, < 18.3.5, >= 18.4.0, < 18.4.3, = 18.5.0 | 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.

>= 5.2.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 | 4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses.

>= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 | 7.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 before 18.3.4 and 18.4 before 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

>= 13.12.0, < 18.2.8, >= 18.3.0, < 18.3.4, >= 18.4.0, < 18.4.2 | 7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 before 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed an attacker to make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs.

>= 11.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 7.5 HIGH

A Denial of Service issue in GraphQL endpoints in GitLab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits, leading to resource exhaustion and service disruption.

>= 17.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.

>= 17.2.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 4.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries.

>= 17.4.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.

>= 14.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 7.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.

>= 14.10.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.

>= 16.6.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 6.5 MEDIUM

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.

>= 18.1.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.

>= 16.6.0, < 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 3.8 LOW

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.

< 18.2.7, >= 18.3.0, < 18.3.3, = 18.4.0 | 7.5 HIGH

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.

>= 15.1.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces.

>= 7.8.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files.

>= 15.0.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes.

>= 16.11.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 8.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

>= 7.12.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.

>= 10.7.0, < 18.1.6, >= 18.2.0, < 18.2.6, >= 18.3.0, < 18.3.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.

< 18.1.5, >= 18.2.0, < 18.2.5, = 18.3.0 | 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports.

>= 8.15.0, < 18.1.5, >= 18.2.0, < 18.2.5, = 18.3.0 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses.

>= 14.1.0, < 18.1.5, >= 18.2.0, < 18.2.5, = 18.3.0 | 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests.

< 18.1.5, >= 18.2.0, < 18.2.5, = 18.3.0 | 5.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 18.0.0, < 18.0.6 | 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.

>= 18.0.0, < 18.0.4, >= 18.1.0, < 18.1.2, >= 15.7.0, < 17.11.6 | 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 14.2.0, < 18.0.6 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

>= 18.2.0, < 18.2.2 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 13.2.0, < 18.0.6 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 11.6.0, < 18.0.6 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 12.0.0, < 18.0.6 | 3.1 LOW

An improper access control issue has been discovered in GitLab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 17.7.0, < 18.0.6 | 6.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

>= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2, >= 8.1.4, < 18.0.6 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.

>= 15.6.0, < 18.0.6, >= 18.1.0, < 18.1.4, >= 18.2.0, < 18.2.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints.

>= 18.1.0, < 18.1.3, = 18.2, >= 15.0.0, < 18.0.5 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable.

>= 18.1.0, < 18.1.3, = 18.2, >= 17.0.0, < 18.0.5 | 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

>= 15.4, < 18.0.5, >= 18.1.0, < 18.1.3, = 18.2 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.

>= 17.9.0, < 18.0.5, >= 18.1.0, < 18.1.3, = 18.2 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

>= 15.10.0, < 18.0.5, >= 18.1.0, < 18.1.3, = 18.2 | 7.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks.

>= 15.10.0, < 18.0.5, >= 18.1.0, < 18.1.3, = 18.2 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS.

>= 18.0.0, < 18.0.4, >= 18.1.0, < 18.1.2 | 2.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

>= 18.0.0, < 18.0.4, >= 18.1.0, < 18.1.2, >= 17.11.0, < 17.11.6 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

>= 18.0.0, < 18.0.4, >= 18.1.0, < 18.1.2 | 2.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

>= 13.3.0, < 17.11.6, >= 18.0.0, < 18.0.4, >= 18.1.0, < 18.1.2 | 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

>= 16.10.0, < 17.11.5, >= 18.0.0, < 18.0.3, = 18.1.0 | 2.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

>= 17.2.0, < 17.11.5, >= 18.0.0, < 18.0.3, = 18.1.0 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

>= 10.7.0, < 17.11.5, >= 18.0.0, < 18.0.3, = 18.1.0 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.

>= 17.3.0, < 17.11.5, >= 18.0.0, < 18.0.3, = 18.1.0 | 3.1 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.

>= 17.2.0, < 17.11.5, >= 18.0.0, < 18.0.3, = 18.1.0 | 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

>= 16.4.0, < 16.4.2, = 16.5.0, >= 16.0.0, < 16.3.6 | 3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1. The titles of specific private references could be leaked through the service-desk custom email template.

>= 16.1.0, < 16.11.5, >= 17.0.0, < 17.0.3, = 17.1.0 | 8.1 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.

>= 7.10.0, < 16.11.5, >= 17.0.0, < 17.0.3, = 17.1.0 | 6.5 MEDIUM

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 before 16.11.5, 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.

>= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 8.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.

>= 16.6.0, < 17.9.7, >= 17.10.0, < 17.10.5, = 17.11.0 | 8.7 HIGH

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

>= 17.0.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2 | 4.1 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

>= 12.0.0, < 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 3.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

< 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 5.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for a private repository to be cloned in the case of a race condition when a secondary node is out of sync.

>= 17.9.0, < 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

>= 17.7.0, < 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2 that could allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

>= 18.0.0, < 18.0.2 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.

>= 2.1.0, < 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

>= 8.7.0, < 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in token names could be used to trigger a denial of service.

>= 17.9.0, < 17.10.8, >= 17.11.0, < 17.11.4, >= 18.0.0, < 18.0.2 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality could lead to cross-site scripting attacks.

>= 8.13.0, < 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

>= 12.1.0, < 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 3.5 LOW

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3, and 18.0 prior to 18.0.1 allows an attacker to cause branch name confusion in confidential MRs.

>= 11.6.0, < 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

= 18.0.0, < 17.10.7, >= 17.11.0, < 17.11.3 | 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

= 18.0.0, >= 17.11.0, < 17.11.3, >= 17.1.0, < 17.10.7 | 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions, unauthorised users can view full email addresses that should be partially obscured.

>= 11.1.0, < 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 6.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows a modified SAML response to bypass the 2FA requirement under specialized conditions.

= 18.0.0, >= 17.11.0, < 17.11.3, >= 16.8.0, < 17.10.7 | 4.6 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

< 17.10.7, >= 17.11.0, < 17.11.3, = 18.0.0 | 4.9 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.

= 18.0.0 | 2.7 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

= 18.0.0, >= 17.11.0, < 17.11.3, >= 10.2.0, < 17.10.7 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause a denial of service.

= 18.0.0, < 17.10.7, >= 17.11.0, < 17.11.3 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.

>= 17.3.0, < 17.9.8, >= 17.10.0, < 17.10.6, >= 17.11.0, < 17.11.2 | 6.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.

>= 17.1.0, < 17.9.8, >= 17.10.0, < 17.10.6, >= 17.11.0, < 17.11.2 | 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a maliciously crafted payload.

>= 12.0.0, < 17.9.8, >= 17.10.0, < 17.10.6, >= 17.11.0, < 17.11.2 | 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

>= 17.7.0, < 17.9.7, >= 17.10.0, < 17.10.5, = 17.11.0 | 4.3 MEDIUM

An issue has been discovered in access controls in GitLab EE that could allow users to view certain restricted project information even when related features are disabled, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.

>= 16.6.0, < 17.9.7, >= 17.10.0, < 17.10.5, = 17.11.0 | 7.7 HIGH

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

>= 16.7.0, < 17.9.7, >= 17.10.0, < 17.10.5, = 17.11.0 | 6.5 MEDIUM

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

>= 7.7.0, < 17.8.7, >= 17.9.0, < 17.9.6, >= 17.10.0, < 17.10.4 | 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

>= 17.9.0, < 17.9.6, >= 17.10.0, < 17.10.4 | 3.7 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.

>= 13.12.0, < 17.8.7, >= 17.9.0, < 17.9.6, >= 17.10.0, < 17.10.4 | 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.

<= 17.8.7, >= 17.9.0, < 17.9.6, >= 17.10.0, < 17.10.4 | 6.5 MEDIUM

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions up to 17.8.7, 17.9 prior to 17.9.6, and 17.10 prior to 17.10.4. A denial of service could occur upon injecting oversized payloads into CI pipeline exports.

>= 17.1.0, < 17.8.6, >= 17.1.0, < 17.8.7, >= 17.9.0, < 17.9.6, >= 17.10.0, < 17.10.4 | 6.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.

>= 16.0.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 5.2 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.

>= 12.10.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 4.3 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request.

>= 17.8.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 4.4 MEDIUM

An issue has been discovered in GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users.

>= 17.7.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.

>= 17.4.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 7.5 HIGH

An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.

>= 13.5.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 8.7 HIGH

An issue has been discovered in GitLab EE/CE affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow cross-site scripting (XSS) attacks.

>= 14.9.0, < 17.8.6, >= 17.9.0, < 17.9.3, = 17.10.0 | 3.7 LOW

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.

>= 17.2.0, < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | 3.7 LOW

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.

Affected: >= 16.9.0, < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, and all versions starting from 17.9 before 17.9.2, which could allow unauthorized users to access confidential information intended for internal use only.

Affected: >= 12.3.0, < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.

Affected: < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2, where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.

Affected: >= 11.5.0, < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | CVSS v3: 4.4 MEDIUM

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.

Affected: >= 16.5.0, < 17.7.7, >= 17.8.0, < 17.8.5, >= 17.9.0, < 17.9.2 | CVSS v3: 2.7 LOW

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.

Affected: >= 17.7.0, < 17.7.6, >= 17.8.0, < 17.8.4, = 17.9.0 | CVSS v3: 4.3 MEDIUM

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows users with limited permissions to access potentially sensitive project analytics data.

Affected: >= 17.5.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External user to read and clone internal projects under certain circumstances.

Affected: >= 16.6.0, < 17.7.6, >= 17.8.0, < 17.8.4, = 17.9.0 | CVSS v3: 7.7 HIGH

A Cross Site Scripting (XSS) vulnerability in GitLab EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.

Affected: >= 17.8.0, < 17.8.4, = 17.9.0, >= 15.10.0, < 17.7.6 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.

Affected: >= 17.8.0, < 17.8.4, = 17.9.0, >= 16.2, < 17.7.6 | CVSS v3: 5.3 MEDIUM

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

Affected: >= 16.6.0, < 17.7.6, >= 17.8.0, < 17.8.4, = 17.9.0 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HTML into the child item search, potentially leading to XSS in certain situations.

Affected: >= 16.0.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 6.4 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.

Affected: >= 16.11.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 4.2 MEDIUM

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.

Affected: >= 17.1.0, < 17.6.0 | CVSS v3: 4.4 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.

Affected: >= 16.4.0, < 17.5.0 | CVSS v3: 9.6 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected: >= 15.11.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 4.3 MEDIUM

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.

Affected: >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 4.3 MEDIUM

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data.

Affected: >= 8.3.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 4.3 MEDIUM

An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

Affected: >= 15.7.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 4.9 MEDIUM

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.

Affected: >= 13.3.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 8.7 HIGH

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.

Affected: >= 14.1.0, < 17.6.5, >= 17.7.0, < 17.7.4, >= 17.8.0, < 17.8.2 | CVSS v3: 6.5 MEDIUM

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

Affected: >= 15.11.0, < 17.3.0, = 17.4.0, = 17.5.0, = 17.6.0 | CVSS v3: 8.7 HIGH

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3, and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the Web IDE.

Affected: >= 7.14.1, < 17.3.7, >= 17.4.0, < 17.4.4, >= 17.5.0, < 17.5.2, >= 17.7.0, < 17.7.3 | CVSS v3: 6.5 MEDIUM

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.

Affected: >= 15.7.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.

Affected: >= 14.0.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the title and description of confidential issues from a public project to unauthorised instance users.

Affected: >= 13.6.0, < 17.2.9, >= 17.3.0, < 17.3.5, >= 17.4.0, < 17.4.2 | CVSS v3: 7.5 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.

Affected: < 16.11.6, >= 17.0.0, < 17.0.4, >= 17.1.0, < 17.1.2 | CVSS v3: 3.5 LOW

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.

Affected: >= 16.0.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2 | CVSS v3: 4.4 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.

Affected: >= 16.7.0, < 16.7.5, >= 16.8.0, < 16.8.2, >= 15.11.0, < 16.6.7 | CVSS v3: 6.5 MEDIUM

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.

Affected: >= 15.2.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.

Affected: >= 10.6.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

Affected: >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2, >= 15.5.0, < 16.9.7 | CVSS v3: 2.6 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.

Affected: >= 15.0.0, < 17.5.5, >= 17.6.0, < 17.6.3, = 17.7.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.

Affected: >= 17.2.0, < 17.6.4, >= 17.7.0, < 17.7.3, = 17.8.0 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.

Affected: >= 17.0.0, < 17.6.4, >= 17.7.0, < 17.7.3, = 17.8.0 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.

Affected: >= 16.4.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1 | CVSS v3: 4.2 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.

Affected: >= 15.7.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics.

Affected: >= 15.5.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.

Affected: >= 17.4.0, < 17.5.5, >= 17.6.0, < 17.6.3, >= 17.7.0, < 17.7.1 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

Affected: < 17.6.0 | CVSS v3: 3.7 LOW

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 16.9.0, < 17.4.6 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 15.0.0, < 17.4.6 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects' merge requests.

Affected: >= 15.2.0, < 17.4.6, >= 17.5.0, < 17.5.4, >= 17.6.0, < 17.6.2 | CVSS v3: 5.4 MEDIUM

An issue was discovered in GitLab affecting all versions starting from 15.2 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF token to an external site while the Harbor integration was enabled.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 9.4.0, < 17.4.6 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 13.9.0, < 17.4.6 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 11.8.0, < 17.4.6 | CVSS v3: 6.4 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 17.3.0, < 17.4.6 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 11.0.0, < 17.4.6 | CVSS v3: 4 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 16.1.0, < 17.4.6 | CVSS v3: 8.7 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where injection of NEL headers in the k8s proxy response could lead to session data exfiltration.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 13.7.0, < 17.4.6 | CVSS v3: 6.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

Affected: >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4, >= 14.3.0, < 17.4.6 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view a confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.

Affected: >= 17.5.0, < 17.5.2, >= 17.4.0, < 17.4.4, >= 17.3.0, < 17.3.7 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.

Affected: = 17.6.0, >= 17.5.0, < 17.5.3, >= 12.6.0, < 17.4.5 | CVSS v3: 6.5 MEDIUM

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

Affected: = 17.6.0, >= 17.5.0, < 17.5.3, >= 15.6.0, < 17.4.5 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

Affected: = 17.6.0, >= 17.5.0, < 17.5.3, >= 8.12.0, < 17.4.5 | CVSS v3: 8.2 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.

Affected: = 17.6.0, >= 17.5.0, < 17.5.3, >= 13.2.4, < 17.4.5 | CVSS v3: 4.3 MEDIUM

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.

Affected: = 17.6.0, >= 17.5.0, < 17.5.3, >= 16.9.8, < 17.4.5 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

Affected: >= 16.11.0, < 17.4.5, = 17.6.0, >= 17.5.0, < 17.5.3 | CVSS v3: 4.2 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.

Affected: >= 16.3.0, < 17.4.2, >= 17.6.0, < 17.6.2, >= 17.5.0, < 17.5.4 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

Affected: >= 17.5.0, < 17.5.2, >= 17.4.0, < 17.4.4, >= 16.0.0, < 17.3.7 | CVSS v3: 6.1 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.

Affected: >= 17.5.0, < 17.5.2, >= 17.4.0, < 17.4.4, >= 17.2.0, < 17.3.7 | CVSS v3: 6.8 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed an attacker to gain full API access as the victim via the Device OAuth flow.

Affected: >= 17.5.0, < 17.5.2, >= 17.4.0, < 17.4.4, >= 16.0.0, < 17.3.7 | CVSS v3: 8.5 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.

Affected: >= 17.5.0, < 17.5.2, >= 17.4.0, < 17.4.4, >= 17.3.0, < 17.3.7 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.

Affected: >= 17.4.0, < 17.4.3, = 17.5.0, >= 15.10.0, < 17.3.6 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.

Affected: >= 11.2.0, < 17.3.6, >= 17.4.0, < 17.4.3, = 17.5.0 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 11.6.0, < 17.2.9 | CVSS v3: 8.2 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 12.5.0, < 17.2.9 | CVSS v3: 9.6 CRITICAL

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 11.4.0, < 17.2.9 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 17.1.0, < 17.2.9 | CVSS v3: 7.3 HIGH

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When authorizing an application, it can be made to render as HTML under specific circumstances.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 16.6.0, < 17.2.9 | CVSS v3: 3.7 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 8.16.0, < 17.2.9 | CVSS v3: 4.9 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.

Affected: >= 17.4.0, < 17.4.2, >= 17.3.0, < 17.3.5, >= 15.10, < 17.2.9 | CVSS v3: 8.2 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.

Affected: >= 8.0.0, < 16.4.0 | CVSS v3: 6.6 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

Affected: >= 17.3.0, < 17.3.4, = 17.4.0, >= 15.6.0, < 17.2.8 | CVSS v3: 2.6 LOW

Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. Under specific conditions it was possible to disclose the path of a private project to an unauthorised user.

Affected: >= 17.3.0, < 17.3.4, = 17.4.0, >= 16.0.0, < 17.2.8 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.

Affected: >= 17.3.0, < 17.3.4, >= 16.5.0, < 17.2.8, = 17.4.0 | CVSS v3: 5.5 MEDIUM

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 11.1.0, < 17.1.7 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.7.0, < 17.1.7 | CVSS v3: 3.1 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 | CVSS v3: 6.5 MEDIUM

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 8.14.0, < 17.1.7 | CVSS v3: 9.9 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 13.7.0, < 17.1.7 | CVSS v3: 6.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.5.0, < 17.1.7 | CVSS v3: 4 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in GraphQL logs.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.6.0, < 17.1.7 | CVSS v3: 5.5 MEDIUM

A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.4.0, < 17.1.7 | CVSS v3: 7.5 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.8.0, < 17.1.7 | CVSS v3: 7.7 HIGH

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 16.11.0, < 17.1.7 | CVSS v3: 8.5 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.

Affected: >= 16.9.7, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts by linking arbitrary unclaimed provider identities when JWT authentication is configured.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 15.10.0, < 17.1.7 | CVSS v3: 4.5 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2 that could disclose the user password from the repository mirror configuration.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 17.0.0, < 17.1.7 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 17.1.0, < 17.1.7 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application.

Affected: >= 13.3.0, < 17.1.7, >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 11.2.0, < 17.1.7 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates.

Affected: >= 17.2.0, < 17.2.5, >= 17.3.0, < 17.3.2, >= 12.9.0, < 17.1.7 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Affected: >= 17.3.0, < 17.3.3, >= 17.2.0, < 17.2.7, >= 17.1.0, < 17.1.8, >= 17.0.0, < 17.0.8, < 16.11.10 | CVSS v3: 10 CRITICAL

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Affected: >= 17.3.0, < 17.3.1, >= 17.2.0, < 17.2.4, >= 8.2.0, < 17.1.6 | CVSS v3: 5.7 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.

Affected: >= 17.3.0, < 17.3.1, >= 17.2.0, < 17.2.4, >= 17.0.0, < 17.1.6 | CVSS v3: 6.4 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 that allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.

Affected: >= 17.3.0, < 17.3.1, >= 17.2.0, < 17.2.4, < 17.1.6 | CVSS v3: 6.5 MEDIUM

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer.

Affected: >= 17.2.0, < 17.2.4, >= 12.5.0, < 17.1.6, = 17.3.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 13.9, < 17.0.6 | CVSS v3: 4.9 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.

Affected: >= 17.2.0, < 17.2.2, >= 15.9.0, < 17.0.6, >= 17.1.0, < 17.1.4 | CVSS v3: 4.3 MEDIUM

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 5.1.0, < 17.0.6 | CVSS v3: 4.4 MEDIUM

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 1.0, < 17.0.6 | CVSS v3: 6.5 MEDIUM

Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed an attacker to cause resource exhaustion via the banzai pipeline.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 8.12.0, < 17.0.6, >= 17.1, < 17.1.4 | CVSS v3: 6.8 MEDIUM

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed LFS tokens to read and write to user-owned repositories.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 11.3.0, < 17.0.6, = * | CVSS v3: 6.5 MEDIUM

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, < 17.0.6 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 11.10.0, < 17.0.6 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, where the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 12.6.0, < 17.0.6 | CVSS v3: 6.5 MEDIUM

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 16.7.0, < 17.0.6 | CVSS v3: 4.2 MEDIUM

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Affected: >= 17.2.0, < 17.2.2, >= 17.1.0, < 17.1.4, >= 8.16.0, < 17.0.6 | CVSS v3: 5.7 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.

Affected: >= 17.1, < 17.1.3, >= 17.2, < 17.2.1, >= 16.7, < 17.0.5 | CVSS v3: 4.3 MEDIUM

An information disclosure vulnerability exists in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1, where job artifacts can be inappropriately exposed to users lacking the proper authorization level.

Affected: = 7.2.0, >= 17.1.0, < 17.1.3, >= 16.6.0, < 17.0.5 | CVSS v3: 7.7 HIGH

A cross-site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1, allowing an attacker to execute arbitrary scripts in the context of the currently logged-in user.

Affected: >= 17.1, < 17.1.3, >= 17.2, < 17.2.1, >= 15.6, < 17.0.5 | CVSS v3: 4.1 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.

Affected: >= 17.1, < 17.1.3, >= 17.2, < 17.2.1, >= 15.4, < 17.0.5 | CVSS v3: 2.6 LOW

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.

Affected: >= 17.1.0, < 17.1.3, = 17.2.0, >= 12.0.0, < 17.0.5 | CVSS v3: 2.7 LOW

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.

Affected: >= 17.2, < 17.2.1, >= 17.1, < 17.1.3, >= 16.11, < 17.0.5 | CVSS v3: 4.4 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.

Affected: >= 17.1.0, < 17.1.2, >= 17.0.0, < 17.0.4, >= 11.8.0, < 16.11.6 | CVSS v3: 3 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.

Affected: >= 17.1.0, < 17.1.2, >= 17.0.0, < 17.0.4, >= 15.8.0, < 16.11.6 | CVSS v3: 9.6 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected: >= 17.1.0, < 17.1.2, >= 17.0.0, < 17.0.4 | CVSS v3: 4.9 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.

Affected: >= 17.1.0, < 17.1.2, >= 17.0.0, < 17.0.4 | CVSS v3: 3.8 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.

Affected: >= 17.1.0, < 17.1.2, >= 17.0.0, < 17.0.4, >= 16.5.0, < 16.11.6 | CVSS v3: 2.7 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.3.0, < 16.11.5 | CVSS v3: 6.8 MEDIUM

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.11.0, < 16.11.5 | CVSS v3: 7.5 HIGH

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1 allows an attacker to leak the content of a private repository in a public project.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.9.0, < 16.11.5 | CVSS v3: 8.7 HIGH

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 15.8.0, < 16.11.5 | CVSS v3: 9.6 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.10.0, < 16.11.5 | CVSS v3: 6.8 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.0.0, < 16.11.5 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 1.0.0, < 16.11.5 | CVSS v3: 6.5 MEDIUM

Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allowed an attacker to cause resource exhaustion via the banzai pipeline.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.7.0, < 16.11.5 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts to be accessed by any user.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.1.0, < 16.11.5 | CVSS v3: 3.1 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to objectives.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 16.9.0, < 16.11.5 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a merge request title to be visible publicly despite being set to project members only.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 12.0, < 16.11.5 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.

Affected: = 17.1.0, >= 17.0.0, < 17.0.3, >= 9.2.0, < 16.11.5 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where the processing logic for generating links in dependency files can lead to a regular expression DoS attack on the server.

Affected: >= 16.11.0, < 16.11.3, >= 16.10.0, < 16.10.6 | CVSS v3: 3.1 LOW

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.

Affected: >= 17.0, < 17.0.2, >= 17.0, <= 17.0.2, >= 8.4, < 16.10.7, >= 16.11.0, < 16.11.4 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.

Affected: >= 16.11.0, < 16.11.4, < 16.10.7, >= 17.0.0, < 17.0.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.

Affected: >= 5.1, < 16.10.7, >= 17.0.0, < 17.0.2, >= 16.11.0, < 16.111.4 | CVSS v3: 4.4 MEDIUM

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.

Affected: >= 16.11.0, < 16.11.4, >= 17.0.0, < 17.0.2, >= 13.1, < 16.10.7 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using a maliciously crafted file.

Affected: >= 16.11.0, < 16.11.3, = 17.0.0, >= 11.11.0, < 16.10.6 | CVSS v3: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

Affected: >= 16.11.0, < 16.11.3, = 17.0.0, >= 16.10.0, < 16.10.6 | CVSS v3: 4.4 MEDIUM

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

Affected: >= 16.11.0, < 16.11.3, = 17.0.0, >= 13.11.0, < 16.10.6 | CVSS v3: 5.4 MEDIUM

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

Affected: >= 16.11.0, < 16.11.3, = 17.0.0, >= 13.2.4, < 16.10.6 | CVSS v3: 4.3 MEDIUM

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.

Affected: < 16.10.6, >= 16.11.0, < 16.11.3, = 17.0.0 | CVSS v3: 4.3 MEDIUM

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

Affected: >= 16.11.0, < 16.11.3, = 17.0.0, >= 15.11.0, < 16.10.6 | CVSS v3: 8 HIGH

An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Affected: < 16.10.6, >= 16.11.0, < 16.11.3, = 17.0.0 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

Affected: >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2, >= 16.7.0, < 16.9.7 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

Affected: >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2, >= 15.4.0, < 16.9.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.

Affected: >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2, < 16.9.7 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.

Affected: >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2, >= 15.11.0, < 16.9.7 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.

Affected: >= 16.11.0, < 16.11.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.

Affected: >= 16.9.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server.

Affected: = 16.11.0, >= 16.10.0, < 16.10.4, >= 7.8.0, < 16.9.6 | CVSS v3: 7.3 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.

Affected: = 16.11.0, >= 16.10.0, < 16.10.4, >= 16.7.0, < 16.9.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access token scopes were not honored by GraphQL subscriptions.

Affected: = 16.11.0, >= 16.10.0, < 16.10.4, >= 12.5.0, < 16.9.6 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.

Affected: = 16.11.0, >= 16.10.0, < 16.10.4, < 16.9.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

Affected: = 16.11.0, >= 16.10.0, < 16.10.4, >= 16.9.0, < 16.9.6 | CVSS v3: 8.5 HIGH

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

Affected: >= 16.10.0, < 16.10.2, >= 16.9.0, < 16.9.4, >= 16.7.0, < 16.8.6 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issue references feature, a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Affected: >= 16.10.0, < 16.10.2, >= 16.9.0, < 16.9.4, < 16.8.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a JUnit test report file.

Affected: >= 16.10.0, < 16.10.2, >= 16.9.0, < 16.9.4 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.

Affected: >= 16.10.0, < 16.10.2, >= 16.9.0, < 16.9.4, >= 16.7.7, < 16.8.6 | CVSS v3: 4.3 MEDIUM

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

Affected: = 16.10.0, >= 16.9.0, < 16.9.3, < 16.8.5 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels.

Affected: = 16.10.0, >= 16.9.0, < 16.9.3, < 16.8.5 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Affected: >= 16.9.0, < 16.9.2, >= 16.8.0, < 16.8.4, >= 11.3, < 16.7.7 | CVSS v3: 7.7 HIGH

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.

Affected: >= 16.9.0, < 16.9.2, >= 16.8.0, < 16.8.4 | CVSS v3: 6.5 MEDIUM

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with a custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

Affected: >= 16.8, < 16.8.3, >= 12.0, <= 16.76, = 16.9.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects.

Affected: = 16.9.0 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.

Affected: = 16.9.0, >= 16.8, < 16.8.3, >= 16.1, < 16.7.6 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

Affected: >= 16.5.0, < 16.7.6, >= 16.8.0, <= 16.8.3, = 16.9.0 | CVSS v3: 6.7 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

Affected: = 16.9.0, >= 16.8.0, < 16.8.3, >= 16.4.0, < 16.7.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

Affected: = 16.9.0, >= 16.8.0, < 16.8.3, >= 15.1.0, < 16.7.6 | CVSS v3: 7.7 HIGH

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.

Affected: = 16.9.0, <= 16.7.6, >= 16.8.0, <= 16.8.3 | CVSS v3: 3.7 LOW

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.

Affected: >= 16.8.0, < 16.8.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

Affected: = 16.4.3, = 16.5.3, = 16.6.1 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

Affected: >= 16.7.0, < 16.7.5, >= 16.8.0, < 16.8.2, >= 16.4.0, < 16.6.7 | CVSS v3: 6.7 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.

Affected: = 16.9.0, >= 16.8.0, < 16.8.3, >= 11.3.0, < 16.7.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted content in the CODEOWNERS file.

Affected: >= 16.8.0, < 16.8.2, >= 16.7.0, < 16.7.5, >= 13.3.0, < 16.6.7 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to cause resource exhaustion using the GraphQL `vulnerabilitiesCountByDay` query.

Affected: = 16.8.0, >= 16.7.0, < 16.7.4, >= 12.7.0, < 16.6.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.

Affected: = 16.8.0, >= 16.7.0, < 16.7.4, < 16.6.6 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

Affected: = 16.8.0, >= 16.7.0, < 16.7.4, >= 14.0.0, < 16.6.6 | CVSS v3: 4.3 MEDIUM

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.

Affected: = 16.8.0, >= 16.7.0, < 16.7.4, >= 16.0.0, < 16.5.8, >= 16.6.0, < 16.6.6 | CVSS v3: 9.9 CRITICAL

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

Affected: = 16.8.0, >= 16.7.0, < 16.7.4, >= 13.7.0, < 16.6.6 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

Affected: = 16.7.0, = 16.7.1, >= 16.6.0, < 16.6.4, < 16.5.6 | CVSS v3: 6.6 MEDIUM

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Affected: = 16.7.0, = 16.7.1, = *, >= 16.6.0, < 16.6.4, >= 16.4.0, < 16.4.5, >= 16.1.0, < 16.1.6, >= 16.2.0, < 16.2.9, >= 16.3.0, < 16.3.7, >= 16.7.0, < 16.7.2, >= 16.5.0, < 16.5.6 | CVSS v3: 10 CRITICAL

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Affected: = 16.7.0, = 16.7.1, >= 16.6.0, < 16.6.4, >= 8.13.0, < 16.5.6 | CVSS v3: 7.3 HIGH

Incorrect authorization checks in GitLab CE/EE affecting all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.

Affected: = 16.7.0, = 16.7.1, >= 16.6.0, < 16.6.4, >= 15.3.0, < 16.5.5 | CVSS v3: 7.6 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.

Affected: = 16.7.0, = 16.7.1, >= 12.2.0, < 16.5.6, >= 16.6.0, < 16.6.4 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

Affected: >= 16.5, < 16.5.4, >= 16.6, < 16.6.2, >= 16.0.0, < 16.4.4 | CVSS v3: 4.9 MEDIUM

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner.

Affected: >= 16.6.0, < 16.6.2, >= 16.5.0, < 16.5.4, >= 16.3.0, < 16.4.4 | CVSS v3: 4.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI.

Affected: >= 16.5, < 16.5.4, >= 16.6, < 16.6.2, >= 11.6, < 16.4.4 | CVSS v3: 7.4 HIGH

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.

Affected: < 16.4.4, >= 16.6.0, < 16.6.2, >= 16.5.0, < 16.5.4 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.

Affected: >= 16.6.0, < 16.6.2, >= 16.5.0, < 16.5.4, >= 9.3.0, < 16.4.4 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.

Affected: >= 16.5, < 16.5.4, >= 16.6, < 16.6.2, < 16.4.4 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue, which altered the details shown in the issue boards.

Affected: >= 16.5, < 16.5.4, >= 8.17, < 16.4.4, >= 16.6, < 16.6.2 | CVSS v3: 2 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 9.5.0, < 16.2.8 | CVSS v3: 5.9 MEDIUM

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

Affected: >= 16.5.0, < 16.5.3, >= 16.2.0, < 16.4.3, = 16.6.0 | CVSS v3: 4.4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.

Affected: >= 16.4.0, < 16.4.3, >= 16.5.0, < 16.5.3, >= 15.10, < 16.6.1 | CVSS v3: 8.7 HIGH

Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in the victim's browser.

Affected: >= 16.5.0, < 16.5.3, = 16.6.0, < 16.4.3 | CVSS v3: 4.8 MEDIUM

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.

Affected: >= 16.5.0, < 16.5.3, >= 10.5.0, < 16.4.3, = 16.6.0 | CVSS v3: 2.6 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted Mermaid diagram input.

Affected: >= 16.5.0, < 16.5.3, >= 9.2.0, < 16.4.3, = 16.6.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.

Affected: >= 16.5.0, < 16.5.3, >= 8.13.0, < 16.4.3, = 16.6.0 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.

Affected: >= 16.5.0, < 16.5.3, >= 13.2.0, < 16.4.3, = 16.6.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.

Affected: >= 16.5.0, < 16.5.3, >= 11.3.0, < 16.4.3, = 16.6.0 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project's release descriptions via an atom endpoint when release access on the public project was set to project members only.

Affected: >= 16.5.0, < 16.5.3, >= 12.1.0, < 16.4.3, = 16.6.0 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 15.3.0, < 16.2.8 | CVSS v3: 8.1 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, >= 14.7.0, < 16.3.6 | CVSS v3: 3.5 LOW

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, >= 13.9.0, <= 16.3.6 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, < 16.3.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1, which allows an attacker to block the Sidekiq job processor.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 11.6.0, < 12.9.8 | CVSS v3: 8.5 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, >= 12.3.0, < 16.3.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, >= 16.0.0, < 16.3.6 | CVSS v3: 3.7 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.

Affected: >= 16.4.0, < 16.4.2, = 16.5.0, >= 16.2.0, < 16.3.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 13.12, < 16.2.8 | CVSS v3: 8.2 HIGH

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 16.0.0, < 16.2.8 | CVSS v3: 8.2 HIGH

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

Affected: >= 16.2, < 16.2.8, >= 16.3.0, < 16.3.5, = 16.4.0 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 8.15, < 16.2.8 | CVSS v3: 3 LOW

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 8.15, < 16.2.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

Affected: >= 16.2, < 16.2.8, >= 16.3.0, < 16.3.5, = 16.4.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 11.11, < 16.2.8 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 12.3, < 16.2.8 | CVSS v3: 3.5 LOW

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, < 16.2.8 | CVSS v3: 5.4 MEDIUM

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, < 16.2.8 | CVSS v3: 4.3 MEDIUM

Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 11.2, < 16.2.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects, contrary to the documentation.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 10.6, < 16.2.8 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for upstream members allowed to collaborate with you on your branch to get permission to write to the merge request's source branch.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 13.11, < 16.2.8 | CVSS v3: 4.3 MEDIUM

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.

Affected: >= 16.3.0, < 16.3.5, = 16.4.0, >= 11.8, < 16.2.8 | CVSS v3: 3.1 LOW

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.

Affected: >= 16.3, < 16.3.4, >= 13.12, < 16.2.7 | CVSS v3: 8.2 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.

Affected: = 16.3.0, >= 16.2.0, < 16.2.5, >= 10.6.0, < 16.1.5 | CVSS v3: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 11.8.0, < 16.1.5 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 15.2.0, < 16.1.5 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.

Affected: = 16.3.0, >= 16.2, < 16.2.5 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 15.11, < 16.1.5 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.

Affected: = 16.3.0, >= 16.2, < 16.2.5 | CVSS v3: 5.5 MEDIUM

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 16.1.0, < 16.1.5 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 15.11, < 16.1.5 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 4.1.0, < 16.1.5 | CVSS v3: 2.6 LOW

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 15.2.0, < 16.1.5 | CVSS v3: 2.7 LOW

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 10.0.0, < 16.1.5 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user.

Affected: = 16.3.0, >= 16.2, < 16.2.5, >= 13.12, < 16.1.5 | CVSS v3: 5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.

Affected: = *, < 16.2.0 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories whose names contain an LF character results in 500 errors when viewing the commit.

Affected: >= 16.2.0, < 16.2.2, >= 16.1.0, < 16.1.3, >= 14.1.0, < 16.0.8 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 15.9.0, < 16.0.8 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Affected: >= 16.2.0, < 16.2.2, >= 13.12.0, < 16.0.8, >= 16.1.0, < 16.1.3 | CVSS v3: 8.2 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, < 16.0.8 | CVSS v3: 4.8 MEDIUM

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, < 16.0.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which allowed developers to create pipeline schedules on protected branches even if they did not have access to merge.

Affected: >= 15.11, < 16.2.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 10.0, < 16.0.8 | CVSS v3: 4.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 9.3, < 16.0.8 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 14.3, < 16.0.8 | CVSS v3: 4.9 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 8.14, < 16.0.8 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 8.10, < 16.0.8 | CVSS v3: 6.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 12.9, < 16.0.8 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 15.2, < 16.0.8 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.

Affected: >= 16.2, < 16.2.2, >= 16.1, < 16.1.3, >= 15.9, < 16.0.8 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.

Affected: >= 3.0.29, < 4.0.5 | CVSS v3: 5 MEDIUM

An issue has been discovered in the GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization.

Affected: >= 16.0.0, < 16.0.6, = 16.1.0 | CVSS v3: 5.3 MEDIUM

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to the titles of private issues and MRs.

Affected: >= 16.1.0, < 16.1.2, >= 16.0.0, < 16.0.7, >= 12.8.0, < 15.11.11 | CVSS v3: 8 HIGH

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.

Affected: >= 16.1, < 16.1.1, >= 16.0.0, < 16.0.6, >= 13.6, < 15.11.10 | CVSS v3: 3.9 LOW

An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

Affected: >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1, >= 10.3.0, < 15.11.10 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.

Affected: >= 16.0.0, < 16.0.6, >= 15.3.0, < 15.11.10, >= 16.1.0, < 16.1.1 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.

Affected: >= 16.0.0, < 16.0.6, = 16.1.0 | CVSS v3: 5.3 MEDIUM

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.

Affected: >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1, >= 15.1.0, < 15.11.10 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

Affected: >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1, >= 13.7.0, < 15.11.10 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.

Affected: >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1, >= 7.14.0, < 15.11.10 | CVSS v3: 4.1 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

Affected: >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1, >= 13.10.0, < 15.11.10 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.

Affected: >= 16.1, < 16.1.1, >= 13.7, < 15.11.10, >= 16.0.0, < 16.0.6 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.

Affected: >= 15.10, < 16.1 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 15.7.0, < 15.8.5 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows crafted, unapproved MRs to be introduced and merged without authorization.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 8.7.0, < 15.10.8 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 12.0.0, < 15.10.8 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 14.1.0, < 15.10.8 | CVSS v3: 4.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 12.0.0, < 15.10.8 | CVSS v3: 5.9 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 1.2.0, < 15.10.8 | CVSS v3: 2.6 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 15.8.0, < 15.10.8 | CVSS v3: 4.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 15.4.0, < 15.10.8 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, < 15.10.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 15.7.0, < 15.10.8 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 13.2.4, < 15.10.8 | CVSS v3: 6.5 MEDIUM

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.

Affected: >= 12.0.0, < 15.10.5, >= 15.11.0, < 15.11.1 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 15.4.0, < 15.10.8 | CVSS v3: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service in DollarMathPostFilter was possible by sending crafted payloads to the preview_markdown endpoint.

Affected: >= 16.0.0, < 16.0.2, >= 15.11.0, < 15.11.7, >= 8.3.0, < 15.10.8 | CVSS v3: 4.3 MEDIUM

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Affected: = 16.0.0 | CVSS v3: 10 CRITICAL

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

Affected: >= 15.11.0, < 15.11.3, >= 15.10.0, < 15.10.7, < 15.9.8 | CVSS v3: 6.3 MEDIUM

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.

Affected: >= 15.11.0, < 15.11.2, >= 15.10.0, < 15.10.6, >= 15.4.0, < 15.9.7 | CVSS v3: 9.6 CRITICAL

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.

Affected: = 15.11.0, >= 15.10.0, < 15.10.5 | CVSS v3: 6.8 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.

Affected: >= 8.6.0, < 15.9.6, >= 15.10, < 15.10.5, >= 15.11, < 15.11.1 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.

Affected: < 15.9.6, >= 15.10, < 15.10.5, >= 15.11, < 15.11.1 | CVSS v3: 4.8 MEDIUM

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems.

Affected: >= 15.10, < 15.10.5, >= 15.11, < 15.11.1, >= 15.2, < 15.9.6 | CVSS v3: 4.9 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

Affected: >= 15.10, < 15.10.5, >= 15.11, < 15.11.1, >= 8.6.0, < 15.9.6 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.

Affected: >= 10.0, < 12.9.8, >= 12.10.0, < 12.10.7, >= 13.0, < 13.0.1 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.

Affected: >= 15.10, < 15.10.5, >= 15.11, < 15.11.1, >= 14.2, < 15.9.6 | CVSS v3: 6.8 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

Affected: >= 15.10, < 15.10.5, >= 15.11, < 15.11.1, >= 11.9, < 15.9.6 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.

Affected: >= 15.10, < 15.10.5, >= 15.11, < 15.11.1, >= 5.1, < 15.9.6 | CVSS v3: 4.4 MEDIUM

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances.

Affected: < 15.8.5, >= 15.10, < 15.10.1, >= 15.9, < 15.9.5 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page that allows user-controlled markdown.

Affected: >= 15.11, < 15.11.1, >= 13.11, < 15.8.5, >= 15.9, < 15.9.4 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by creating a diff against a pre-existing fork.

Affected: >= 10.0, < 12.9.8, >= 13.0, < 13.0.1, >= 12.10, < 12.10.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.

Affected: < 11.11.8, >= 12.0.0, < 12.0.6, >= 12.1.0, < 12.1.6 | CVSS v3: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Affected: < 11.11.8, >= 12.0.0, < 12.0.6, >= 12.1.0, < 12.1.6 | CVSS v3: 5.9 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 5.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 7.5 HIGH

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 5.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 8.8 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 5.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 9.8 CRITICAL

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 5.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.

Affected: >= 11.2.0, < 11.2.4, < 11.1.7, = 11.3.0 | CVSS v3: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 15.5.0, < 15.8.5 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 1.0.0, < 15.8.5 | CVSS v3: 5.7 MEDIUM

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 15.0.0, < 15.8.5 | CVSS v3: 5.3 MEDIUM

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 15.1.0, < 15.8.5 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 8.1.0, < 15.8.5 | CVSS v3: 3.7 LOW

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 12.3.0, < 15.8.5 | CVSS v3: 5.3 MEDIUM

Improper authorization in GitLab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows unauthorized access to security reports in merge requests.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 13.6.0, < 15.8.5 | CVSS v3: 5.8 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing environment names that are supposed to be restricted to project members only to be read.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 11.5.0, < 15.8.5 | CVSS v3: 5.8 MEDIUM

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, which allows an admin to leak the password from a repository mirror configuration.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 11.10.0, < 15.8.5 | CVSS v3: 3.1 LOW

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 15.6.0, < 15.8.5, >= 15.6.0, <= 15.8.5 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 11.10.0, < 15.8.5 | CVSS v3: 5.8 MEDIUM

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.

Affected: = 15.10.0, >= 15.9.0, < 15.9.4, >= 12.8.0, < 15.8.5 | CVSS v3: 6.1 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 15.5.0, < 15.7.8 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a user's private snippet.

Affected: >= 15.9, < 15.9.2, >= 15.8, < 15.8.4, >= 15.1, < 15.7.8 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it is possible that a previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

Affected: >= 15.9, < 15.9.2, >= 15.8, < 15.8.4, >= 9.0, < 15.7.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.

Affected: >= 15.9, < 15.9.2, >= 15.8, < 15.8.4, >= 13.7, < 15.7.8 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 15.3.0, < 15.7.8 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 15.5.0, < 15.7.8 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 10.0.0, < 15.7.8 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 12.8.0, < 15.7.8 | CVSS v3: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, < 15.7.8 | CVSS v3: 2.7 LOW

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 12.1.0, < 15.7.8 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.

Affected: >= 15.9.0, < 15.9.2, >= 15.8.0, < 15.8.4, >= 15.3, < 15.7.8 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims on the client side.

Affected: >= 15.8, < 15.8.1, >= 15.7, < 15.7.6, >= 14.3, < 15.6.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.

Affected: >= 15.8, < 15.8.1, >= 15.7, < 15.7.6, < 15.6.7 | CVSS v3: 6.4 MEDIUM

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.

Affected: >= 15.8, < 15.8.1, >= 15.7, < 15.7.6, >= 14.0, < 15.6.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

Affected: >= 15.8, < 15.8.1, >= 12.4, < 15.6.7, >= 15.7, < 15.7.6 | CVSS v3: 6.5 MEDIUM

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 13.7.0, < 15.4.6 | CVSS v3: 4.3 MEDIUM

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 11.3.0, < 15.4.6 | CVSS v3: 3.5 LOW

A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 1.0.0, < 12.9.8 | CVSS v3: 6.3 MEDIUM

In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.

Affected: >= 15.5.0, < 15.5.5, < 15.4.6, >= 15.6, < 15.6.1 | CVSS v3: 4.3 MEDIUM

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

Affected: = 15.6.0 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 9.3.0, < 15.4.6 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 9.3.0, < 15.4.6 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 12.9.0, < 15.4.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 15.4.0, < 15.4.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 13.5.0, < 15.4.6 | CVSS v3: 9.3 CRITICAL

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 12.8.0, < 15.4.6 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.

Affected: = 15.6.0, >= 15.5.0, < 15.5.5, >= 11.3.0, < 15.4.6 | CVSS v3: 5.3 MEDIUM

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.

Affected: >= 15.3.0, < 15.3.2, >= 15.2.0, < 15.2.4, >= 12.9, < 15.1.6, >= 12.9, <= 15.1.6 | CVSS v3: 5.7 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 15.1.0, < 15.5.7 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 11.8.0, < 15.5.7 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 13.11.0, < 15.5.7 | CVSS v3: 5.3 MEDIUM

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 10.8.0, < 15.5.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 11.4.0, < 15.5.7 | CVSS v3: 6.1 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, < 15.5.7 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 15.4.0, < 15.5.7 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, < 15.5.7 | CVSS v3: 5.8 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 6.6.0, < 15.5.7 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.

Affected: >= 15.7.0, < 15.7.2, >= 15.6.0, < 15.6.4, >= 10.0.0, < 15.5.7 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, < 15.3.5 | CVSS v3: 5.3 MEDIUM

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 7.14.0, < 15.3.5 | CVSS v3: 3.1 LOW

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 15.0.0, < 15.3.5 | CVSS v3: 3.5 LOW

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 12.6.0, < 15.3.5 | CVSS v3: 4.8 MEDIUM

Lack of sandboxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issuing HTTP requests that affect the victim's account.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 12.6.0, < 15.3.5 | CVSS v3: 4.3 MEDIUM

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.

Affected: >= 14.5.0, < 15.3.5, >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2 | CVSS v3: 4.3 MEDIUM

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 12.1.0, < 15.3.5 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Affected: = 15.4.0, >= 15.3.0, < 15.3.4, >= 12.0.0, < 15.2.5 | CVSS v3: 5.3 MEDIUM

Bypass of the healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 9.4.0, < 15.3.5 | CVSS v3: 4.7 MEDIUM

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Affected: >= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, < 15.3.5 | CVSS v3: 7.3 HIGH

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in the label colour setting feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims on the client side.

>= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 10.1.0, < 15.3.5 | CVSS v3: 3.5 LOW

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

>= 15.4.0, < 15.4.4, >= 15.5.0, < 15.5.2, >= 13.9.0, < 15.3.5 | CVSS v3: 4.3 MEDIUM

An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.

>= 15.2, < 15.2.5, >= 15.3, < 15.3.4, = 15.4 | CVSS v3: 7.3 HIGH

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

>= 12.10.0, < 12.10.7, = 13.0.0, >= 10.0.0, < 12.9.8 | CVSS v3: 2.7 LOW

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 12.6.0, < 15.2.5 | CVSS v3: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 9.3.0, < 15.2.5 | CVSS v3: 6.8 MEDIUM

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 10.8.0, < 15.1.6 | CVSS v3: 4.3 MEDIUM

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 14.2, < 15.2.5 | CVSS v3: 5.3 MEDIUM

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 10.0.0, < 15.2.5 | CVSS v3: 5.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, < 15.2.5 | CVSS v3: 3.5 LOW

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, < 15.2.5 | CVSS v3: 2.7 LOW

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, < 15.2.5 | CVSS v3: 7.5 HIGH

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. While cloning an issue, specially crafted content added to the description could have been used to trigger high CPU usage.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 14.9, < 15.2.5 | CVSS v3: 6.5 MEDIUM

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via the cache.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 14.4, < 15.2.5 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 12.8.0, < 15.2.5 | CVSS v3: 2.7 LOW

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allowed an unauthorised user to edit the approval rules via the API.

<= 12.7.0 | CVSS v3: 7.3 HIGH

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, < 15.1.6 | CVSS v3: 3.7 LOW

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.

>= 15.4, < 15.4.1, >= 13.7.0, < 15.2.5, >= 15.3, < 15.3.4 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 9.3, < 15.2.5 | CVSS v3: 3.5 LOW

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

>= 15.2, < 15.2.4, >= 15.3, < 15.3.2, >= 14.5, < 15.1.6 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.

>= 15.4, < 15.4.1, >= 15.3, < 15.3.4, >= 15.0.0, < 15.2.5 | CVSS v3: 4.3 MEDIUM

It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, < 15.1.6 | CVSS v3: 7.5 HIGH

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 10.0.0, < 15.1.6 | CVSS v3: 6.5 MEDIUM

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.

>= 15.3, < 15.3.1, >= 15.2, < 15.2.3, >= 10.7.0, < 15.1.5 | CVSS v3: 4.3 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1, which allowed an attacker to trigger high CPU usage via specially crafted input added in the Commit message field.

>= 15.3, < 15.3.1, >= 11.3.4, < 15.1.5, >= 15.2, < 15.2.3 | CVSS v3: 9.9 CRITICAL

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 prior to 15.2.3, and 15.3 prior to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 12.10, < 15.1.6 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 9.0.0, < 15.1.6 | CVSS v3: 7.3 HIGH

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 prior to 15.2.4, and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 11.10, < 15.1.6 | CVSS v3: 9.9 CRITICAL

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 prior to 15.2.4, and 15.3 prior to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, < 15.1.6 | CVSS v3: 4.3 MEDIUM

An improper access control issue in GitLab CE/EE affecting all versions before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4 | CVSS v3: 4.3 MEDIUM

An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, < 15.1.6 | CVSS v3: 6.5 MEDIUM

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which, when requested with or without authentication, places excessive load on the server, potentially leading to Denial of Service.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, >= 14.9.0, < 15.1.6 | CVSS v3: 7.3 HIGH

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could be made to issue arbitrary requests.

>= 15.3, < 15.3.2, >= 15.2, < 15.2.4, < 15.1.6 | CVSS v3: 6.4 MEDIUM

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 prior to 15.2.4, and 15.3 prior to 15.3.2 allows an attacker to issue arbitrary HTTP requests.

< 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 4.4 MEDIUM

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.

>= 15.1.0, < 15.1.4, = 15.2, >= 12.5.0, < 15.0.5 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.

>= 15.1.0, < 15.1.4, = 15.2, >= 9.3.0, < 15.0.5 | CVSS v3: 2.2 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.

>= 15.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.

>= 12.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 5.9 MEDIUM

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.

>= 15.1.0, < 15.1.4, = 15.2, >= 14.6.0, < 15.0.5 | CVSS v3: 5.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 that allowed a project member to filter issues by contact and organization.

>= 15.1.0, < 15.1.4, = 15.2, >= 13.10.0, < 15.0.5 | CVSS v3: 3.5 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.

>= 12.8.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 6.4 MEDIUM

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

>= 12.6.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 8.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

< 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 2.7 LOW

An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.

< 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 4.9 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.

>= 12.10.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 6.2 MEDIUM

Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks against a victim who has pinned to a specific Git commit of the project.
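
The entry above describes a ref whose name is itself a 40-hex string, so that a name a consumer believes to be a commit ID can also resolve to a branch. Which of the two a given git command picks depends on the command and the git version, so the practical check is to look for such refs before trusting a pin. The following is an added example, not code from this page or from the gitbeaker project: it parses `git ls-remote`-style output (`<object id>\t<ref name>`), flags ref names that are full SHA-1 or SHA-256 object IDs, and, going a step beyond the advisory, also flags names that are a hex prefix of an existing object ID, since those collide with abbreviated IDs. The ls-remote lines below are constructed for illustration; `resolvePin` and `findCommitLikeRefs` are names chosen here.

```javascript
// Added example (not from the page or the @gitbeaker project): detect ref
// names that could be confused with commit IDs in git ls-remote output.

// Constructed sample of `git ls-remote` output: "<object id>\t<full ref name>".
const LS_REMOTE_OUTPUT = [
  '4f2a9c1d0b7e3f6a8c5d2e1f0a9b8c7d6e5f4a3b\trefs/heads/main',
  '9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d\trefs/heads/feature/login',
  // A branch whose name is the full object id of main's commit, but which
  // points somewhere else: the shape the advisory above describes.
  '1111111111111111111111111111111111111111\trefs/heads/4f2a9c1d0b7e3f6a8c5d2e1f0a9b8c7d6e5f4a3b',
  // A tag whose name is an abbreviated prefix of main's commit id.
  '2222222222222222222222222222222222222222\trefs/tags/4f2a9c1',
  '3333333333333333333333333333333333333333\trefs/tags/v1.2.0',
].join('\n');

const FULL_OID = /^(?:[0-9a-f]{40}|[0-9a-f]{64})$/i; // full SHA-1 or SHA-256 object id
const SHORT_OID = /^[0-9a-f]{7,}$/i;                 // shaped like an abbreviated object id

// Parses ls-remote lines into { oid, ref, name }, where name is the ref
// without its refs/heads/ or refs/tags/ namespace.
function parseLsRemote(text) {
  return text.split('\n').filter(Boolean).map((line) => {
    const [oid, ref] = line.split('\t');
    if (!oid || !ref) throw new Error(`malformed ls-remote line: ${line}`);
    const name = ref.replace(/^refs\/(heads|tags)\//, '');
    return { oid: oid.toLowerCase(), ref, name };
  });
}

// Returns refs whose name could be mistaken for an object id.
function findCommitLikeRefs(text) {
  const refs = parseLsRemote(text);
  const oids = refs.map((r) => r.oid);
  const findings = [];
  for (const r of refs) {
    const lower = r.name.toLowerCase();
    if (FULL_OID.test(lower)) {
      findings.push({ ref: r.ref, reason: 'name is a full object id' });
    } else if (SHORT_OID.test(lower) && oids.some((o) => o.startsWith(lower))) {
      findings.push({ ref: r.ref, reason: 'name is a prefix of an existing object id' });
    }
  }
  return findings;
}

// A pin must be a full object id; report any ref that carries the same name,
// because a checkout by that name is then ambiguous between ref and object.
function resolvePin(text, pin) {
  const wanted = pin.toLowerCase();
  if (!FULL_OID.test(wanted)) throw new Error('pin must be a full object id');
  const shadow = parseLsRemote(text).find((r) => r.name.toLowerCase() === wanted);
  return { objectId: wanted, shadowedBy: shadow ? shadow.ref : null };
}

console.log(findCommitLikeRefs(LS_REMOTE_OUTPUT));
console.log(resolvePin(LS_REMOTE_OUTPUT, '4f2a9c1d0b7e3f6a8c5d2e1f0a9b8c7d6e5f4a3b'));
```

A non-null `shadowedBy` is the signal to stop: fetch the object by ID, verify that the checked-out `HEAD` is the expected ID, and treat the shadowing ref as hostile until a maintainer explains it.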

< 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email.

>= 13.0.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 3.5 LOW

A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.

< 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.

>= 13.7.0, < 15.0.5, >= 15.1.0, < 15.1.4, = 15.2 | CVSS v3: 4.3 MEDIUM

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.

= 15.0.0 | CVSS v3: 8.7 HIGH

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

>= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2, >= 14.0.0, < 14.4.5 | CVSS v3: 3.1 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 1.0.2, < 14.10.5 | CVSS v3: 4.3 MEDIUM | CVSS v2: 5 MEDIUM

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 12.0.0, < 14.10.5 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4 MEDIUM

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions, even if the GitLab Runner is calling from outside the allowed IP range.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 12.4.0, < 14.10.5 | CVSS v3: 3.5 LOW | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 13.4.0, < 14.10.5 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 12.2.0, < 14.10.5 | CVSS v3: 2.7 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 8.13.0, < 14.10.5 | CVSS v3: 3.1 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 13.7.0, < 14.10.5 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 14.4.0, < 14.10.5 | CVSS v3: 8.1 HIGH | CVSS v2: 3.5 LOW

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.

= 15.1.0, >= 15.0.0, < 15.0.4, < 14.10.5 | CVSS v3: 3.1 LOW | CVSS v2: 3.5 LOW

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 14.0.0, < 14.10.5 | CVSS v3: 9.9 CRITICAL | CVSS v2: 7.5 HIGH

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 11.1.0, < 14.0.5, >= 11.1.0, < 14.10.5 | CVSS v3: 4.7 MEDIUM | CVSS v2: 5.8 MEDIUM

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 14.8.0, < 14.10.5 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows project members with the Reporter role to manage issues in the project's error tracking feature.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 10.7.0, < 14.10.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 14.5.0, < 14.10.5 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 14.8.0, < 14.10.5 | CVSS v3: 5 MEDIUM | CVSS v2: 4 MEDIUM

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.

= 15.1.0, >= 15.0.0, < 15.0.4, >= 12.5.0, < 14.10.5 | CVSS v3: 2.6 LOW | CVSS v2: 4.3 MEDIUM

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

>= 14.10.0, < 14.10.4, >= 11.10.0, < 14.9.5, = 15.0.0 | CVSS v3: 9.9 CRITICAL | CVSS v2: 6.5 MEDIUM

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.

>= 14.3.0, < 14.9.5, >= 14.10.0, < 14.10.4, = 15.0.0 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.

>= 14.10.0, < 14.10.4, >= 13.11.0, < 14.9.5, = 15.0.0 | CVSS v3: 7.7 HIGH | CVSS v2: 3.5 LOW

A Stored Cross-Site Scripting vulnerability in the Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues.

>= 14.10.0, < 14.10.4, >= 12.0.0, < 14.9.5, = 15.0.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured.

>= 14.10.0, < 14.10.4, >= 12.0.0, < 14.9.5, = 15.0.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured.

>= 14.10.0, < 14.10.4, >= 10.8.0, < 14.9.5, = 15.0.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.

>= 14.10.0, < 14.10.4, = 15.0.0, >= 11.3.0, < 14.9.5 | CVSS v3: 5.4 MEDIUM | CVSS v2: 4.9 MEDIUM

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 1.0.2, < 14.8.6 | CVSS v3: 7.1 HIGH | CVSS v2: 6.5 MEDIUM

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 1.0.2, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker-controlled HTML tags and CSS styling.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 1.0.2, < 14.8.6 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5 MEDIUM

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 13.2.0, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 13.9.0, < 14.8.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 9.2.0, < 14.8.6 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 14.4.0, < 14.8.6 | CVSS v3: 2.6 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.

= 14.10.0, >= 14.9.0, < 14.9.4, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 8.12.0, < 14.8.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 11.0.0, < 14.8.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 12.6.0, < 14.8.6 | CVSS v3: 2 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user who possessed a certain amount of information, which allowed a user to authenticate without a personal access token.

= 14.10.0, >= 14.9.0, < 14.9.4, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access the trace log of jobs when it is enabled.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 12.10.0, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

= 14.10.0, >= 14.9.0, < 14.9.4, >= 8.12.0, < 14.8.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

Affected: >= 14.6.0, < 14.6.4, = 14.7.0, >= 11.9, < 14.5.4 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 10.7.0, < 14.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, < 14.7.7 | CVSS v3: 2.6 LOW | CVSS v2: 3.5 LOW

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 8.3.0, < 14.7.7 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 14.4.0, < 14.7.7 | CVSS v3: 8.7 HIGH | CVSS v2: 4.3 MEDIUM

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 10.0.0, < 14.7.7 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 12.1.0, < 14.7.7 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 12.2.0, < 14.7.7 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed an unauthorised user to read the approval rules of a private project.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, < 14.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 14.7.0, < 14.7.7 | CVSS v3: 9.1 CRITICAL | CVSS v2: 7.5 HIGH

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, < 14.7.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, < 14.7.7 | CVSS v3: 4.8 MEDIUM | CVSS v2: 4 MEDIUM

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 14.0.0, < 14.7.7 | CVSS v3: 2.4 LOW | CVSS v2: 3.5 LOW

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 13.11.0, < 14.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 13.1.0, < 14.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 13.7.0, < 14.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 5 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed an attacker to trigger high CPU usage via specially crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 11.5.0, < 14.7.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4.3 MEDIUM

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites

Affected: >= 14.9.0, < 14.9.2, >= 14.8.0, < 14.8.5, >= 7.8.0, < 14.7.7 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.

Affected: >= 14.7.0, < 14.7.4, >= 10.0.0, < 14.6.5, >= 14.8.0, < 14.8.2 | CVSS v3: 5.8 MEDIUM | CVSS v2: 4.3 MEDIUM

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

Affected: >= 12.7.0, <= 14.5.4, >= 14.6.0, <= 14.6.4, = 14.7.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 2.1 LOW

Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed project non-members to retrieve issue details when the issue was linked to an item from the vulnerability dashboard.

Affected: >= 14.8.0, < 14.8.2, >= 8.15.0, < 14.6.5, >= 14.7.0, <= 14.7.4 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DoS by using the math feature with a specific formula in issue comments.

Affected: >= 7.9.0, <= 14.7.1 | CVSS v3: 5.4 MEDIUM | CVSS v2: 6.5 MEDIUM

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.

Affected: >= 14.3.0, < 14.3.4, >= 0.8.0, < 14.2.6, = 14.4.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.

Affected: >= 12.4.0, < 14.7.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address

Affected: >= 14.6, < 14.6.4, >= 14.7, < 14.7.1, >= 11.4, < 14.5.4 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.

Affected: >= 14.6, < 14.6.4, >= 14.5, < 14.5.4, >= 14.7, < 14.7.1 | CVSS v3: 7.7 HIGH | CVSS v2: 6.8 MEDIUM

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover

Affected: >= 8.10, <= 14.5.4, >= 14.6, <= 14.6.4, >= 14.7, <= 14.7.1 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.

Affected: >= 14.7, < 14.7.4, >= 14.8, < 14.8.2, >= 13.2, < 14.6.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.

Affected: >= 14.7, < 14.7.4, >= 14.8, < 14.8.2, >= 12.0, < 14.6.5 | CVSS v3: 10 CRITICAL | CVSS v2: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.

Affected: >= 14.7, < 14.7.4, >= 14.8, < 14.8.2, >= 10.0, < 14.6.5 | CVSS v3: 4.2 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions.

Affected: >= 14.6.0, < 14.6.4, >= 10.0, < 14.5.4, = 14.7.0 | CVSS v3: 3.1 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project

Affected: >= 14.6, < 14.6.4, = 14.7, >= 13.5, < 14.5.4 | CVSS v3: 4.7 MEDIUM | CVSS v2: 5.8 MEDIUM

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to an attacker-specified URL.

Affected: >= 14.6, <= 14.6.4, >= 14.7, <= 14.7.1, >= 12.0, <= 14.5.4 | CVSS v3: 3.1 LOW | CVSS v2: 6.4 MEDIUM

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

Affected: >= 14.6.0, < 14.6.1, >= 14.5.0, < 14.5.3, < 14.4.5 | CVSS v3: 5.9 MEDIUM | CVSS v2: 4.9 MEDIUM

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services.

Affected: >= 14.7, < 14.7.4, >= 14.8, < 14.8.2, >= 10.0, < 14.6.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 6.8 MEDIUM

Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands

Affected: >= 14.6, <= 14.6.4, >= 10.5.0, <= 14.5.4, >= 14.7.0, <= 14.7.1 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.

Affected: >= 14.8, < 14.8.2, >= 13.0.0, < 14.6.5, >= 14.7.0, < 14.7.4 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.

Affected: >= 14.2, < 14.2.5, >= 14.3.0, < 14.3.1, >= 11.3, < 14.1.7, >= 11.3.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 14.1.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call

Affected: >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2, >= 13.10, < 14.4.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.

Affected: >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2, >= 7.7, < 14.4.5 | CVSS v3: 7.5 HIGH | CVSS v2: 6 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.

Affected: >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2, >= 13.2, < 14.4.5 | CVSS v3: 5.3 MEDIUM | CVSS v2: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.

Affected: >= 14.5, <= 14.5.3, >= 14.6, <= 14.6.2 | CVSS v3: 8.6 HIGH | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible when importing a group, due to incorrect handling of files.

Affected: >= 14.5.0, < 14.5.3, >= 14.6.0, < 14.6.2, >= 12.10, < 14.4.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.

Affected: >= 14.6.0, < 14.6.1, >= 14.5.0, < 14.5.3, < 14.4.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.

Affected: >= 14.6.0, < 14.6.1, >= 14.5.0, < 14.5.3, < 14.4.5 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.

Affected: >= 14.6.0, < 14.6.1, >= 14.5.0, < 14.5.3, < 14.4.5 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab's Slack integration incorrectly validates user input and allows crafting malicious URLs that are sent to Slack.

Affected: >= 14.5.0, < 14.5.3, >= 12.0, < 14.4.5, >= 14.6.0, < 14.6.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.

Affected: >= 8.4, <= 14.4.5, >= 14.5.0, <= 14.5.3, >= 14.6.0, <= 14.6.3 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443

Affected: >= 14.5, < 14.5.2, >= 14.4, < 14.4.4, >= 14.3, < 14.3.6 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

Affected: >= 14.2, < 14.2.5, = 14.3.0, >= 12.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.

Affected: >= 14.5, < 14.5.2, >= 14.4, < 14.4.4, >= 12.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 8.11.0, < 14.3.6 | CVSS v3: 3.1 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific conditions an unauthorised project member was allowed to delete protected branches due to a business logic error.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 13.2.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 8.15.0, < 14.3.6 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, < 14.3.6 | CVSS v3: 5.9 MEDIUM | CVSS v2: 6.5 MEDIUM

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 10.7.0, < 14.3.6 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.

Affected: >= 10.5.0, < 14.3.6, >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2 | CVSS v3: 6.8 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.10.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.10.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 11.0.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 13.7.0, < 14.3.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted Docker image to exhaust resources on the runner manager.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.4.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.0.0, < 14.3.6 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 14.0.0, < 14.3.6 | CVSS v3: 4.4 MEDIUM | CVSS v2: 2.1 LOW

In all versions of GitLab CE/EE starting from version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 11.0.0, < 14.3.6 | CVSS v3: 7.1 HIGH | CVSS v2: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 9.4.0, < 14.3.6 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 14.1.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 13.0.0, < 14.3.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.9.0, < 14.3.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to the quick actions feature was susceptible to catastrophic backtracking that could cause a DoS attack.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 11.1.0, < 14.3.6 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.

Affected: >= 14.4.0, < 14.4.4, >= 14.5.0, < 14.5.2, >= 12.6.0, < 14.3.6 | CVSS v3: 2.6 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 11.6.0, < 13.5.6 | CVSS v3: 6.2 MEDIUM | CVSS v2: 5 MEDIUM

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.

Affected: = 14.3.0, >= 14.2.0, < 14.2.5, = 14.3.1, >= 14.1.1, < 14.1.7 | CVSS v3: 3.1 LOW | CVSS v2: 7.5 HIGH

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.

Affected: >= 14.4.0, < 14.4.1, >= 14.3.0, < 14.3.4, >= 13.7.0, < 14.2.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using malformed TIFF images it was possible to trigger memory exhaustion.

Affected: >= 14.3.0, < 14.3.4, >= 13.9.0, < 14.2.6, = 14.4.0 | CVSS v3: 1.7 LOW | CVSS v2: 4 MEDIUM

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes the private email address of Issue and Merge Request assignees to webhook data consumers.

Affected: >= 14.4.0, < 14.4.1, >= 14.3.0, < 14.3.4, >= 13.7.0, < 14.2.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.

Affected: >= 14.3.0, < 14.3.4, < 14.2.6, = 14.4.0 | CVSS v3: 4.4 MEDIUM | CVSS v2: 7.2 HIGH

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges

Affected: >= 14.3.0, < 14.3.4, = 14.4.0, >= 11.3.0, < 14.2.6, >= 11.2.0, < 14.3.4, >= 11.3.0, < 14.4.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 3.5 LOW

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances

Affected: >= 8.9.6, < 14.2.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with

Affected: >= 14.3.0, < 14.3.4, >= 11.10.0, < 14.2.6, = 14.4.0 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.

Affected: >= 14.3.0, < 14.3.4, >= 13.1.0, < 14.2.6, = 14.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

Affected: >= 14.4.0, < 14.4.1, >= 14.3.0, < 14.3.4, >= 13.5.0, < 14.2.6 | CVSS v3: 8.7 HIGH | CVSS v2: 4.3 MEDIUM

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.

Affected: >= 14.2.0, < 14.2.5, >= 10.6.0, < 14.1.7, = 14.3.0 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.

Affected: >= 12.10.0, < 12.10.7, >= 12.9.0, < 12.9.8, = 13.0.0 | CVSS v3: 2.6 LOW | CVSS v2: 5 MEDIUM

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred

Affected: >= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 14.3.0 | CVSS v3: 6 MEDIUM | CVSS v2: 2.1 LOW

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 13.7.0, < 14.0.9 | CVSS v3: 7.7 HIGH | CVSS v2: 3.5 LOW

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf

Affected: >= 14.3.0, < 14.3.4, >= 13.0.0, < 14.2.6, = 14.4.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.

Affected: >= 14.3.0, < 14.3.4, >= 8.13.0, < 14.2.6, = 14.4.0 | CVSS v3: 3.1 LOW | CVSS v2: 5 MEDIUM

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user

Affected: >= 14.3.0, < 14.3.4, >= 13.4.0, < 14.2.6, = 14.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 13.0.0, < 14.0.9 | CVSS v3: 5.5 MEDIUM | CVSS v2: 5.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 11.9.0, < 14.0.9, > 14.1.0, < 14.1.4, > 11.9.0, < 14.0.9, = * | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

Affected: >= 8.0.0, < 14.1.7, >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5 | CVSS v3: 5.9 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 8.0, access tokens created as part of an admin's impersonation of a user are not cleared at the end of impersonation, which may lead to unnecessary sensitive information disclosure.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 13.8.0, < 14.0.9 | CVSS v3: 6.8 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.

Affected: >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5, >= 7.7.0, < 14.1.7 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.

Affected: >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5, >= 11.11.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 14.0.0, < 14.0.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.

Affected: >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5, >= 10.6.0, < 14.1.7 | CVSS v3: 2.6 LOW | CVSS v2: 4 MEDIUM

Permission rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 8.9.0, < 14.0.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 13.12.0, < 14.0.9 | CVSS v3: 5.4 MEDIUM | CVSS v2: 4 MEDIUM

Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page.

Affected: >= 14.2.0, < 14.2.2, >= 14.1.0, < 14.1.4, >= 13.9.0, < 14.0.9 | CVSS v3: 7.3 HIGH | CVSS v2: 3.5 LOW

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses.

Affected: >= 14.1.0, < 14.1.7, >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

Affected: >= 14.2, < 14.2.5, >= 1.0.0, < 14.1.7, = 4.3.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.

Affected: >= 8.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 14.3.0 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.

Affected: >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5, >= 8.13.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.

Affected: >= 13.0.0, < 14.1.7, >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5 | CVSS v3: 5.8 MEDIUM | CVSS v2: 3.5 LOW

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.

Affected: >= 14.1.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before the password expired.

Affected: >= 14.3.0, < 14.3.1, >= 14.2.0, < 14.2.5, >= 9.1.0, < 14.1.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

A potential DoS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.

Affected: >= 13.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.

Affected: >= 8.9.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4.3 MEDIUM

In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.

Affected: >= 14.2.0, < 14.2.5, = 14.3.0, >= 13.10.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.

Affected: >= 8.15.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5.5 MEDIUM

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.
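The Fogbugz and Gitea importer entries above describe the same class of bug: the server resolves a user-supplied hostname, checks the address, then hands the hostname to an HTTP client that resolves it a second time, and a rebinding DNS server answers with a public address first and an internal one second. The guard below is an added example, not code from this page or from the GitLab project. It resolves once, validates that single address, and returns a target pinned to it so the caller connects to the IP (sending the original Host header) and never resolves the name again. The resolver is injected so the example runs offline against a constructed answer list; production code would pass `dns.promises.lookup`. Accepting only plain IPv4 answers is this example's conservative choice, not a description of the GitLab fix.

```javascript
// Added example: SSRF guard that pins the connection to the validated address,
// which is what defeats DNS rebinding (resolve once, connect to that IP).

// Address ranges a server-side fetch must never reach: "this" network, RFC 1918,
// shared address space (CGNAT), loopback, link-local (including the
// 169.254.169.254 cloud metadata endpoint), multicast, reserved and broadcast.
const DENIED_IPV4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 3], // 224.0.0.0 through 255.255.255.255: multicast, reserved, broadcast
];

// Strict dotted-quad check: four decimal octets in 0..255, no leading zeros,
// so octal-looking forms such as 0177.0.0.1 are refused rather than guessed at.
function isIPv4Literal(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return false;
  return m.slice(1).every((o) => Number(o) <= 255 && (o === '0' || !o.startsWith('0')));
}

function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) + Number(o)) >>> 0, 0);
}

function inCidr(ip, network, prefix) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(network) & mask) >>> 0);
}

// Only plain IPv4 answers are accepted; IPv6, IPv4-mapped IPv6 and anything
// unparsable is refused (conservative choice for this example).
function isAllowedAddress(ip) {
  if (!isIPv4Literal(ip)) return false;
  return !DENIED_IPV4.some(([network, prefix]) => inCidr(ip, network, prefix));
}

// Resolve once, validate, and return a connection target pinned to that IP.
// `resolve(hostname)` returns a Promise of a single address string.
async function pinnedTarget(urlString, resolve) {
  const url = new URL(urlString);
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  const hostname = url.hostname;
  if (hostname.includes(':')) throw new Error('IPv6 literals are not accepted here');
  // A literal IPv4 in the URL skips DNS but must still pass the range check.
  const ip = isIPv4Literal(hostname) ? hostname : await resolve(hostname);
  if (!isAllowedAddress(ip)) throw new Error(`address not allowed: ${ip}`);
  const port = url.port ? Number(url.port) : (url.protocol === 'https:' ? 443 : 80);
  // The caller opens the socket to `ip` (for Node's http module that is
  // http.request({ host: ip, port, headers: { Host: hostname } }), plus
  // servername: hostname for TLS) and never resolves `hostname` again, so a
  // later DNS answer cannot redirect the request.
  return { ip, port, hostname, path: url.pathname + url.search };
}

// Constructed resolver that behaves like a rebinding DNS server: the first
// query gets a public address, every later query gets an internal one.
function rebindingResolver(answers) {
  const queue = [...answers];
  return async () => (queue.length > 1 ? queue.shift() : queue[0]);
}
```

With `rebindingResolver(['198.51.100.7', '10.0.0.5'])` the pinned target is `198.51.100.7`; a naive validate-then-fetch flow would have asked the resolver again and connected to `10.0.0.5`. Redirects need the same treatment: each `Location` must go back through `pinnedTarget` rather than being followed by the client.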

Affected: >= 13.6.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.

Affected: >= 14.3, < 14.3.1, >= 14.2, < 14.2.5, >= 8.4.0, < 14.1.7 | CVSS v3: 7.3 HIGH | CVSS v2: 3.5 LOW

A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.

Affected: >= 14.3, < 14.3.1, >= 14.2, < 14.2.5, >= 12.2.0, < 14.1.7 | CVSS v3: 7.7 HIGH | CVSS v2: 4.3 MEDIUM

A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.

Affected: >= 14.3, < 14.3.1, >= 14.2, < 14.2.5, >= 8.0.0, < 14.1.7 | CVSS v3: 3.8 LOW | CVSS v2: 5.5 MEDIUM

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

Affected: >= 14.3, < 14.3.1, >= 14.2, < 14.2.5, >= 11.0.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.

Affected: >= 14.3, < 14.3.1, >= 14.2, < 14.2.5, >= 1.0.0, < 14.1.7 | CVSS v3: 2.9 LOW | CVSS v2: 1.9 LOW

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
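The entry above is a reminder that a rate limit keyed on the client IP does not bound a brute-force attack when the attacker controls how many source addresses they use and already holds the victim's session. What bounds it is a limit keyed on the thing the attacker cannot multiply: the account (or the session whose password is being changed). The simulation below is an added example, not code from this page or from the GitLab project; the limiter, the window size of 5 attempts per minute and the four constructed source addresses are illustrative, not GitLab's actual values.

```javascript
// Added example: per-IP versus per-account rate limiting of a password check.
// The clock is injected so the run is deterministic.

class FixedWindowLimiter {
  constructor({ limit, windowMs, now = () => Date.now() }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.buckets = new Map(); // key -> { start, count }
  }

  // Returns true if one more attempt is allowed under `key`'s budget.
  allow(key) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b || t - b.start >= this.windowMs) {
      b = { start: t, count: 0 };
      this.buckets.set(key, b);
    }
    if (b.count >= this.limit) return false;
    b.count += 1;
    return true;
  }
}

// Simulate the change-password endpoint. The attacker already has a valid
// session (the physical-access scenario), so only the rate limit stands in the
// way; `keyFn` decides what the limit is keyed on. Returns how many password
// guesses got through to the verifier.
function simulateBruteForce({ attemptsPerIp, ips, keyFn, limiter, accountId, sessionId }) {
  let allowed = 0;
  for (const ip of ips) {
    for (let i = 0; i < attemptsPerIp; i++) {
      if (limiter.allow(keyFn({ ip, accountId, sessionId }))) allowed += 1;
    }
  }
  return allowed;
}

function compareKeying() {
  const clock = () => 1000000; // frozen: every attempt lands in one window
  const ips = ['198.51.100.1', '198.51.100.2', '198.51.100.3', '198.51.100.4']; // constructed
  const common = { attemptsPerIp: 10, ips, accountId: 42, sessionId: 'constructed-session' };

  const perIp = simulateBruteForce({
    ...common,
    keyFn: ({ ip }) => `ip:${ip}`,
    limiter: new FixedWindowLimiter({ limit: 5, windowMs: 60000, now: clock }),
  });

  const perAccount = simulateBruteForce({
    ...common,
    keyFn: ({ accountId }) => `account:${accountId}`,
    limiter: new FixedWindowLimiter({ limit: 5, windowMs: 60000, now: clock }),
  });

  return { perIp, perAccount };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(compareKeying());
}
```

With four source addresses the per-IP limiter lets 20 guesses through per window while the per-account limiter caps the whole attack at 5, regardless of how many addresses the attacker adds. The trade-off is that an account-keyed limit is also a denial-of-service lever against that account, so production designs usually combine it with the session check (re-prompt for the current password, invalidate other sessions on change) rather than relying on the counter alone.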

Affected: >= 14.2.0, < 14.2.5, = 14.3.0, >= 10.8.0, < 14.1.7 | CVSS v3: 2 LOW | CVSS v2: 4 MEDIUM

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.

Affected: >= 7.11.0, < 14.1.7 | CVSS v3: 2.2 LOW | CVSS v2: 4 MEDIUM

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication.

Affected: >= 14.2.0, < 14.2.5, = 14.3.0, >= 13.11.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.

Affected: >= 14.2.0, < 14.2.5, = 14.3.0, >= 13.7.0, < 14.1.7 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

A Stored XSS in the merge request creation page in all versions of GitLab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names.

Affected: >= 1.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4.3 MEDIUM

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.

Affected: >= 13.0.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.

Affected: >= 12.6.0, < 14.1.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in the dependencies API.

Affected: >= 8.12.0, < 14.1.7, >= 14.2.0, < 14.2.5, = 4.3.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7 | CVSS v3: 5 MEDIUM | CVSS v2: 4 MEDIUM

An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.1.0, < 13.12.9 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 12.6.0, < 13.12.9 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.3.0, < 13.12.9 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 7.10.0, < 13.12.9 | CVSS v3: 5 MEDIUM | CVSS v2: 4 MEDIUM

Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.0.0, < 13.12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, < 13.12.9 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

Improper validation of the commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view.

Affected: >= 14.1.0, < 14.1.2 | CVSS v3: 5.5 MEDIUM | CVSS v2: 6.5 MEDIUM

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 11.4.0, < 13.12.9 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.1.0, < 13.12.9 | CVSS v3: 6.6 MEDIUM | CVSS v2: 4 MEDIUM

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7 and 14.1.2.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.4.0, < 13.12.9 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4.9 MEDIUM

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after that access had been removed.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.7.0, < 13.12.9 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 12.2.0, < 13.12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper validation of invited users' email addresses in GitLab EE affecting all versions since 12.2 allowed projects to add members with an email address domain that should be blocked by group settings.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 12.2.0, < 13.12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.12.0, < 13.12.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.3.0, < 13.12.9 | CVSS v3: 6.8 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 2.0.0, < 13.11.6 | CVSS v3: 7.7 HIGH | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7, >= 13.1.0, < 13.12.9 | CVSS v3: 3.1 LOW | CVSS v2: 3.5 LOW

Under very specific conditions a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later; it is fixed in 13.12.9, 14.0.7 and 14.1.2.

Affected: >= 14.0.0, <= 14.0.4, >= 13.12.0, <= 13.12.8, >= 13.11.0, <= 13.11.7 | CVSS v3: 9.6 CRITICAL | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.

Affected: >= 14.1.0, < 14.1.2, >= 14.0.0, < 14.0.7 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 13.7.0, < 13.11.6 | CVSS v3: 4.2 MEDIUM | CVSS v2: 4 MEDIUM

Improper access control in GitLab EE versions before 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign-on despite the user cap being enabled.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 13.10.0, < 13.11.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details.

Affected: >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2, >= 13.11.3, < 13.11.6 | CVSS v3: 4.7 MEDIUM | CVSS v2: 3.5 LOW

Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.

Affected: >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2 | CVSS v3: 7.1 HIGH | CVSS v2: 4.3 MEDIUM

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, < 13.11.6 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 8.0.0, < 13.11.6 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

A denial of service in the user profile page, present since GitLab CE/EE 8.0, allows an attacker to deny access to their own profile page by using a specially crafted username.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 9.3.0, < 13.11.6 | CVSS v3: 4.9 MEDIUM | CVSS v2: 6.5 MEDIUM

Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later; it is fixed in 13.11.6, 13.12.6 and 14.0.2.

Affected: >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2, < 13.11.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using GraphQL.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 13.9.0, < 13.11.6 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

Client-side code injection through the Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to issue PUT requests on behalf of other users when they click on a link.

Affected: >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2, >= 12.8, < 13.11.6 | CVSS v3: 5.9 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 9.5.0, < 13.11.6 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE.

Affected: >= 14.0.0, < 14.0.2, >= 13.12.0, < 13.12.6, >= 13.9.0, < 13.11.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4.9 MEDIUM

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9.

Affected: = *, >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 12.0, < 13.10.5 | CVSS v3: 3.7 LOW | CVSS v2: 4.3 MEDIUM

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 10.5.0, < 13.6.7 | CVSS v3: 6.8 MEDIUM | CVSS v2: 6.8 MEDIUM

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled.

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 11.8.0, < 13.10.5 | CVSS v3: 7.7 HIGH | CVSS v2: 4 MEDIUM

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.

Affected: < 13.10.5, >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description

Affected: >= 13.12, <= 13.12.2, >= 13.11, <= 13.11.5, >= 13.10, <= 13.10.5 | CVSS v3: 6.1 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in the blob viewer for notebooks.

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 12.9.0, < 13.10.5 | CVSS v3: 6.5 MEDIUM | CVSS v2: 6.4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, and all versions starting from 13.12.0 before 13.12.2. Insufficient expired-password validation in various operations allowed a user to maintain limited access after their password expired.

Affected: >= 13.11, < 13.11.5, < 13.10.5, >= 13.12, < 13.12.2 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 9.5.0, < 13.10.5 | CVSS v3: 4.4 MEDIUM | CVSS v2: 4 MEDIUM

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 7.10.0, < 13.10.5 | CVSS v3: 8.8 HIGH | CVSS v2: 4.3 MEDIUM

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5 | CVSS v3: 7.5 HIGH | CVSS v2: 4 MEDIUM

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects.

Affected: >= 13.12.0, < 13.12.2, >= 13.11.0, < 13.11.5, >= 12.8.0, < 13.10.5 | CVSS v3: 2.6 LOW | CVSS v2: 4 MEDIUM

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof the author of signed commits.

Affected: >= 13.12, < 13.12.2, >= 13.11, < 13.11.5, >= 10.5, < 13.10.5 | CVSS v3: 6.8 MEDIUM | CVSS v2: 4.3 MEDIUM

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.

Affected: >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2, >= 13.8.0, < 13.9.7 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.

Affected: >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2, >= 13.2.0, < 13.9.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.

Affected: >= 13.5.0, < 13.9.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.

Affected: >= 11.6.0, < 13.9.7, >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2 | CVSS v3: 6.8 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, allowing other maintainers to view them in plain text.

Affected: >= 13.10.0, < 13.10.4, >= 13.11.0, < 13.11.2, >= 13.7.0, < 13.9.7 | CVSS v3: 3.1 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.

Affected: >= 13.10.0, < 13.10.3, >= 13.9.0, < 13.9.6, >= 11.9.0, < 13.8.8 | CVSS v3: 10 CRITICAL | CVSS v2: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Affected: >= 13.10.0, < 13.10.1, >= 13.9.0, < 13.9.5, >= 12.9, < 13.8.7 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.

Affected: >= 13.9.0, < 13.9.2, >= 13.8.0, < 13.8.5, >= 13.7.0, < 13.7.8 | CVSS v3: 8.5 HIGH | CVSS v2: 4 MEDIUM

A path traversal vulnerability via GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token.

Affected: <= 13.10.0 | CVSS v3: 2.4 LOW | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

Affected: >= 13.9.0, < 13.9.5, >= 13.7.9, < 13.8.7, = 13.10.0 | CVSS v3: 7.5 HIGH | CVSS v2: 7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.

Affected: = *, >= 13.10.0, < 13.10.1, >= 13.9.0, < 13.9.5, >= 13.8.0, < 13.8.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.

Affected: = *, >= 13.10.0, < 13.10.1, >= 13.9.0, < 13.9.5, >= 10.6.0, < 13.8.7 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other.

Affected: = *, >= 13.10.0, < 13.10.1, >= 13.9.0, < 13.9.5, >= 13.4.0, < 13.8.7 | CVSS v3: 6.3 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.

Affected: >= 13.9.0, < 13.9.5, = 13.10.0, >= 12.6.0, < 13.8.7 | CVSS v3: 5.9 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.

Affected: = *, >= 13.10.0, < 13.10.1, >= 13.9.0, < 13.9.5 | CVSS v3: 9.6 CRITICAL | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 12.6.0, < 13.6.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike server resource utilization via a gitlab-shell command.

Affected: >= 13.9.0, < 13.9.2, >= 13.8.0, < 13.8.5, < 13.7.8 | CVSS v3: 5.7 MEDIUM | CVSS v2: 2.1 LOW

In all versions of GitLab, marshalled session keys were being stored in Redis.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6, >= 12.8.0, < 13.6.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 13.6.0, < 13.6.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6, >= 12.8.0, < 13.6.6 | CVSS v3: 6.2 MEDIUM | CVSS v2: 2.1 LOW

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 13.4.0, < 13.5.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.

Affected: >= 13.9.0, < 13.9.2, >= 13.8.0, < 13.8.5, >= 9.4.0, < 13.7.8 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4 MEDIUM

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners.

Affected: >= 13.9.0, < 13.9.4, >= 13.2.0, < 13.7.9, >= 13.8.0, < 13.8.6 | CVSS v3: 9.9 CRITICAL | CVSS v2: 6.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6, >= 7.1.0, < 13.6.6 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for a private project.

Affected: >= 13.9.0, < 13.9.2, >= 13.8.0, < 13.8.5 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6, >= 12.2.0, < 13.6.6 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions starting from 12.2 (see the affected range). GitLab was vulnerable to an SSRF attack through the Outbound Requests feature.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 13.2.0, < 13.6.7 | CVSS v3: 5 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 3.0.1, < 13.6.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on merge requests they authored.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, < 13.6.7 | CVSS v3: 5.9 MEDIUM | CVSS v2: 6.5 MEDIUM

Starting with version 13.7, GitLab CE/EE was affected by a security issue related to the validation of certificates for the Fortinet OTP integration that could result in authentication issues.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6, >= 11.8, < 13.6.6 | CVSS v3: 4.1 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.

Affected: >= 13.8.0, < 13.8.2, >= 13.7.0, < 13.7.6 | CVSS v3: 3.5 LOW | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge requests.

Affected: >= 13.8.0, < 13.8.4, >= 13.7.0, < 13.7.7, >= 13.0.0, < 13.6.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs.

Affected: < 13.6.7, > 13.8, < 13.8.4, > 13.7, < 13.7.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE before 13.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 11.5.0, < 13.5.6 | CVSS v3: 7.3 HIGH | CVSS v2: 4.3 MEDIUM

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 12.8.0, < 13.5.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 12.1.0, < 13.5.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers on a specific project page allowed an attacker temporary read access to the private repository.

Affected: >= 13.7.0, < 13.7.2 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method.

Affected: >= 13.7.0, < 13.7.2, >= 13.6.0, < 13.6.4, >= 12.4.0, < 13.5.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.

Affected: >= 13.4.0, < 13.4.7, >= 13.5.0, < 13.5.5, >= 13.6.0, < 13.6.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DoS if abused.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 13.1.0, < 13.4.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 that allowed an unauthorized user to access the user list corresponding to a feature flag in a project.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 13.1.0, < 13.4.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.

>= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 12.2.0, < 13.4.75.3 MEDIUM5 MEDIUM

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile

Affected: >= 13.2.0, < 13.6.2 | CVSS v3: 3.1 LOW | CVSS v2: 4 MEDIUM

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.

Affected: >= 13.4.0, < 13.6.2 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 12.2.0, < 13.4.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 8.4.0, < 13.4.7 | CVSS v3: 4 MEDIUM | CVSS v2: 2.1 LOW

Information disclosure in the Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 10.3.0, < 13.4.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in markdown fields.

Affected: >= 13.6.0, < 13.6.2, >= 13.5.0, < 13.5.5, >= 12.4.0, < 13.4.7 | CVSS v3: 5.5 MEDIUM | CVSS v2: 3.5 LOW

An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users via importing a malicious project.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 8.8.9, < 13.3.9 | CVSS v3: 8.2 HIGH | CVSS v2: 6.4 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 12.10.0, < 13.3.9 | CVSS v3: 7.6 HIGH | CVSS v2: 5.5 MEDIUM

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation, allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 8.14.0, < 13.3.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5.5 MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal was found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 8.12.0, < 13.3.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 12.8.0, < 13.3.9 | CVSS v3: 7.1 HIGH | CVSS v2: 5.5 MEDIUM

A path traversal vulnerability in the package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 10.2.0, < 13.3.9 | CVSS v3: 5.7 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 13.0.0, < 13.3.9 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

Insufficient permission checks in the scheduled pipeline API in GitLab CE/EE 13.0+ allow an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9, >=13.4.0, <13.4.5, >=13.5.0, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, < 13.3.9 | CVSS v3: 3.1 LOW | CVSS v2: 4.3 MEDIUM

CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who is able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9.

Affected: >= 12.6.0, < 13.3.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 13.3.0, < 13.3.9, >= 13.3.0, <= 13.3.9 | CVSS v3: 4.7 MEDIUM | CVSS v2: 2.1 LOW

A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5, >=13.3, <13.3.9, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 10.2.0, < 13.3.9 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

Private group info is leaked in GitLab CE/EE version 10.2 and above when a project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.5.0, < 13.5.2, >= 13.4.0, < 13.4.5, >= 13.3.0, < 13.3.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted, as well as to guest members on private projects. Affected versions are: >=13.3, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 13.1.0, < 13.2.10 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. An insufficient permission check allows an attacker with the developer role to perform various deletions.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 10.8.0, < 13.2.10 | CVSS v3: 5.7 MEDIUM | CVSS v2: 2.1 LOW

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, < 13.2.10 | CVSS v3: 5.5 MEDIUM | CVSS v2: 6 MEDIUM

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, < 13.2.10 | CVSS v3: 8.7 HIGH | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 10.1.0, < 13.2.10 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: lack of rate limiting when re-sending the confirmation email.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 11.2.0, < 13.2.10 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

Membership changes are not reflected in To-Do subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through the API.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 8.6.0, < 13.2.10 | CVSS v3: 5.9 MEDIUM | CVSS v2: 5 MEDIUM

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation.

Affected: >= 12.0.0, < 13.2.4, >= 13.3.0, < 13.3.2, >= 13.4.0, < 13.4.1 | CVSS v3: 9.1 CRITICAL | CVSS v2: 9 HIGH

A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 7.12.0, < 13.2.10 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting or transferring their group.

Affected: = 13.3.0, = 13.2.0, = 13.1.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.

Affected: >= 13.4.0, < 13.4.2, >= 13.3.0, < 13.3.7, >= 10.8.0, < 13.2.10 | CVSS v3: 5.5 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting all versions starting from 10.8: reflected XSS on multiple routes.

Affected: >= 11.2.0, <= 13.4.3 | CVSS v3: 7.5 HIGH | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.2: unauthorized users can view custom project templates.

Affected: >= 13.1.0, < 13.1.2, >= 13.0.0, < 13.0.8, >= 8.10.0, < 12.10.13 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.

Affected: >= 12.10.0, < 12.10.12 | CVSS v3: 7.2 HIGH | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.

Affected: >= 11.8.0, < 12.10.13 | CVSS v3: 4 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature.

Affected: < 12.10.13 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages.

Affected: < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13: a missing permission check for adding time spent on an issue.

Affected: < 12.10.13 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 12.9.0, < 12.10.13 | CVSS v3: 7.2 HIGH | CVSS v2: 6.5 MEDIUM

A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 8.5.0, < 12.10.13 | CVSS v3: 7.7 HIGH | CVSS v2: 4.3 MEDIUM

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 9.4.0, < 12.10.13 | CVSS v3: 6.5 MEDIUM | CVSS v2: 3.5 LOW

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 12.9.0, < 12.10.13 | CVSS v3: 7.1 HIGH | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 11.8.0, < 12.10.13 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.

Affected: < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2 | CVSS v3: 8.3 HIGH | CVSS v2: 6.5 MEDIUM

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added.

Affected: >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2, >= 12.0.0, < 12.10.13 | CVSS v3: 4.8 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPI files API.

Affected: >= 13.2.0, < 13.2.6, >= 13.1.0, < 13.1.8, >= 13.0.0, < 13.0.14, <= 10.7 | CVSS v3: 6.5 MEDIUM | CVSS v2: 7.5 HIGH

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6: improper access control for deploy tokens.

Affected: >= 12.10.0, < 12.10.13, < 12.6.2 | CVSS v3: 6.5 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature.

Affected: >= 12.10.0, < 12.10.13, <= 11.2.0 | CVSS v3: 4.4 MEDIUM | CVSS v2: 3.5 LOW

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 3.8 LOW | CVSS v2: 6 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when two-factor authentication was activated, allowing a malicious user to maintain their access.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 7.1 HIGH | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without two-factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had two-factor authentication inheritance.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating the project invitation link upon removing a user from a project.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.8 LOW | CVSS v2: 6.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same two-factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limiting.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 5.4 MEDIUM | CVSS v2: 6.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.

Affected: >= 13.2.0, < 13.2.3, < 13.1.3, >= 13.3.0, < 13.3.1 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab Runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.8 LOW | CVSS v2: 4.9 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 7.2 HIGH | CVSS v2: 5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 5.5 MEDIUM | CVSS v2: 3.5 LOW

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.

Affected: >= 13.3.0, < 13.3.4, >= 13.2.0, < 13.2.8, < 13.1.10 | CVSS v3: 3.8 LOW | CVSS v2: 6.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Wiki was vulnerable to a parser attack that prevented anyone from accessing the Wiki functionality through the user interface.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 3.7 LOW | CVSS v2: 5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Omniauth endpoint allowed a malicious user to submit content that was displayed back to the user within error messages.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository.

Affected: >= 13.0.0, < 13.0.12, >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 6.4 MEDIUM | CVSS v2: 4.9 MEDIUM

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume-role attack.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 5.4 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy Token and allowed a disabled repository to be accessible via the git command line.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.

Affected: >= 13.3.0, < 13.3.4 | CVSS v3: 8 HIGH | CVSS v2: 6.4 MEDIUM

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4: API authorization using an outdated CI job token.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 8.1 HIGH | CVSS v2: 5.5 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens, and one could be re-used to obtain a valid session.

Affected: >= 13.1.0, < 13.1.10, >= 13.2.0, < 13.2.8, >= 13.3.0, < 13.3.4 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential epics attached to confidential issues.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 8.9.0, < 13.0.12 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

For GitLab before 13.0.12, 13.1.6 and 13.2.3, a denial of service exists in the project import feature.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 12.7.0, < 13.0.12 | CVSS v3: 6.4 MEDIUM | CVSS v2: 4 MEDIUM

For GitLab before 13.0.12, 13.1.6 and 13.2.3, user-controlled git configuration settings can be modified to result in server-side request forgery.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 12.9.0, < 13.0.12 | CVSS v3: 7.3 HIGH | CVSS v2: 3.5 LOW

For GitLab before 13.0.12, 13.1.6 and 13.2.3, a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, < 13.0.12 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

For GitLab before 13.0.12, 13.1.6 and 13.2.3, a memory exhaustion flaw exists due to excessive logging of an invite email error message.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 10.5.0, < 13.0.12 | CVSS v3: 3.1 LOW | CVSS v2: 4.9 MEDIUM

For GitLab before 13.0.12, 13.1.6 and 13.2.3, after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 10.8.0, < 13.0.12 | CVSS v3: 7.3 HIGH | CVSS v2: 3.5 LOW

For GitLab before 13.0.12, 13.1.6 and 13.2.3, a cross-site scripting vulnerability exists in the issues list via the milestone title.

Affected: >= 13.0.0, < 13.0.12, >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3 | CVSS v3: 5.5 MEDIUM | CVSS v2: 3.5 LOW

In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page.

Affected: >= 13.1.0, < 13.1.6, >= 13.2.0, < 13.2.3, >= 8.4.0, < 13.0.12 | CVSS v3: 7.5 HIGH | CVSS v2: 6.5 MEDIUM

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page.

Affected: >= 13.2.0, < 13.2.3 | CVSS v3: 8.1 HIGH | CVSS v2: 5.5 MEDIUM

In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.

Affected: >= 13.2.0, < 13.2.3, >= 13.1.0, < 13.1.6, >= 1.0.0, < 13.0.12 | CVSS v3: 6.3 MEDIUM | CVSS v2: 5.5 MEDIUM

In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash.

Affected: >= 13.2.0, < 13.2.3, >= 13.1.0, < 13.1.6, >= 12.3.0, < 13.0.12 | CVSS v3: 9.6 CRITICAL | CVSS v2: 5.5 MEDIUM

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass e-mail verification, which is required for the OAuth flow.

Affected: >= 13.2.0, < 13.2.3, >= 13.1.0, < 13.1.6, >= 7.7.0, < 13.0.12 | CVSS v3: 4.2 MEDIUM | CVSS v2: 5.5 MEDIUM

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.

Affected: >= 11.3.0, <= 13.1.2 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 12.6.0, < 12.9.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4 MEDIUM

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via the HTML source code.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 10.3.0, < 12.9.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 9.5.0, < 12.9.8 | CVSS v3: 7.5 HIGH | CVSS v2: 6.5 MEDIUM

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate a maintainer to perform limited actions.

Affected: >= 12.10.0, < 12.10.7, < 12.9.8, = 13.0.0 | CVSS v3: 7.4 HIGH | CVSS v2: 4 MEDIUM

A user is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 12.2.0, < 12.9.8 | CVSS v3: 8 HIGH | CVSS v2: 5.5 MEDIUM

A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1.

Affected: >= 12.10.0, < 12.10.7, >= 12.9.0, < 12.9.8, = 13.0.0 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

Client-side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to issue PUT requests on behalf of other users when they click on a link.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 12.5.0, < 12.9.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 5 MEDIUM

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.

Affected: >= 12.10.0, < 12.10.7, = 13.0.0, >= 12.3.0, < 12.9.8 | CVSS v3: 7.5 HIGH | CVSS v2: 6.5 MEDIUM

Missing verification checks in the OAuth flow in GitLab CE/EE 12.3 and later through 13.0.1 allow an unverified user to use the OAuth authorization code flow.

Affected: >= 12.10.0, < 12.10.7, >= 12.0.0, < 12.9.8 | CVSS v3: 7.5 HIGH | CVSS v2: 7.8 HIGH

A denial of service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1.

Affected: >= 12.10.0, < 12.10.7, < 12.9.8, = 13.0.0 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

A security issue allowed denial of service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1.

Affected: >= 10.6.0, <= 13.0.5 | CVSS v3: 6.3 MEDIUM | CVSS v2: 4 MEDIUM

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5.

Affected: >= 13.1.0, < 13.1.2, >= 13.0.0, < 13.0.8, < 12.10.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Affected: >= 12.8.0, <= 13.0.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

A stored cross-site scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.

Affected: >= 12.10.0, <= 13.0.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1.

Affected: >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

A reflected cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1.

Affected: >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1, >= 11.3.0, < 11.9.8, >= 11.3.0, < 12.9.8 | CVSS v3: 7.5 HIGH | CVSS v2: 6.5 MEDIUM

A missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via the API.

Affected: >= 12.10.0, < 12.10.7, >= 13.0.0, < 13.0.1, < 12.9.8 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

A stored cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.

Affected: >= 12.8, <= 13.0.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions.

Affected: >= 12.8.0, < 12.8.10 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.

Affected: >= 12.9.0, < 12.9.1, >= 12.8.0, < 12.8.8, >= 10.8.0, < 12.7.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

Affected: >= 12.9.0, < 12.9.1, >= 12.8.0, < 12.8.8, >= 12.6.0, < 12.7.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.

Affected: >= 9.5.9, < 12.7.8, >= 12.9.0, < 12.9.1, >= 12.8.0, < 12.8.8 | CVSS v3: 4.8 MEDIUM | CVSS v2: 3.5 LOW

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.

Affected: >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3, >= 8.15.0, < 12.7.9 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.

Affected: >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3, >= 10.7.9, < 12.7.9, >= 10.7.0, < 12.7.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.

Affected: < 12.7.9, >= 12.8.0, < 12.8.9, >= 12.9.0, < 12.9.3 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

Affected: >= 9.0.0, <= 12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.

Affected: >= 8.0.0, <= 12.9 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.

Affected: >= 11.10.0, <= 12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipeline metrics to unauthorized users.

Affected: >= 8.11.0, <= 12.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE/CE 8.11 to 12.9 is leaking information on issues opened in a public project and then moved to a private project through the Web UI and GraphQL API.

Affected: >= 8.17.0, <= 12.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.

Affected: >= 8.5.0, <= 12.9 | CVSS v3: 5.5 MEDIUM | CVSS v2: 2.1 LOW

GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.

Affected: >= 10.8.0, <= 12.9 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.

Affected: >= 8.11.0, <= 12.9.1 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5.8 MEDIUM

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push Docker images.

Affected: >= 11.7.0, <= 12.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

Affected: <= 12.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab through 12.9 is affected by a potential DoS in repository archive download.

Affected: >= 11.1.0, < 12.9.1 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

Affected: >= 8.10.0, < 12.9.1 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

Affected: >= 12.1.0, <= 12.8.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.

Affected: >= 12.5.0, <= 12.8.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 5.8 MEDIUM

GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.

Affected: >= 3.0.0, <= 12.8.1 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server-side request forgery risk.

Affected: >= 10.1.0, <= 12.8.1 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.

Affected: >= 12.4.2, <= 12.8.1 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.

Affected: >= 12.1.0, <= 12.8.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.

Affected: >= 11.7.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.

Affected: >= 11.6.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace.

Affected: >= 8.11.0, <= 12.8.1 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other.

Affected: <= 12.8.1 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

Affected: >= 9.3.0, <= 12.8.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.

Affected: >= 10.4.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.

Affected: >= 12.3.5, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles.

>= 12.5.0, <= 12.8.18.1 HIGH5.5 MEDIUM

GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.

Affected: >= 12.7.0, <= 12.8.1 | CVSS v3: 9.1 CRITICAL | CVSS v2: 6.4 MEDIUM

GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.

Affected: >= 12.2.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.

Affected: <= 12.8.1 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.

Affected: >= 8.3.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.

Affected: >= 12.1.0, <= 12.8.1 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.

Affected: >= 7.10.0, <= 12.8.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.

Affected: >= 12.8.0, < 12.8.6 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

Affected: >= 10.6.0, <= 12.0.2 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.

Affected: >= 8.11.0, <= 12.0.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity.

Affected: >= 8.3.0, <= 12.0.2 | CVSS v3: 5.9 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption.

Affected: >= 9.2.0, <= 12.0.2 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.

Affected: >= 11.11, <= 12.0.2 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.

Affected: >= 9.0.0, <= 12.0.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control.

Affected: >= 11.9.0, <= 12.0.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.

Affected: < 12.0.3 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by GitLab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.

Affected: >= 11.10.0, <= 12.0.2 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).

Affected: >= 8.9.0, <= 11.11.0 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.

Affected: >= 11.10.0, <= 12.0.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.

Affected: >= 11.10.0, <= 12.0.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.

Affected: >= 8.3.0, <= 11.11.0 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.

Affected: >= 8.4.0, <= 11.11.0 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.

Affected: >= 11.9.0, <= 11.11.0 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.

Affected: >= 11.7.0, <= 11.11.0 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics.

Affected: >= 8.4.0, <= 11.11.0 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.

Affected: >= 8.13.0, <= 11.11.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.

Affected: >= 8.13.0, <= 11.11.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.

Affected: = 11.11.0 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.

Affected: >= 11.9.0, <= 11.11.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.

Affected: >= 6.8.0, <= 11.11.0 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.

Affected: >= 11.7.0, <= 11.11.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.

Affected: >= 10.6.0, <= 11.11.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.

Affected: >= 12.7.0, <= 12.7.2, >= 10.7.0, < 12.6.8 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.

Affected: >= 12.5.0, <= 12.7.5 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.

Affected: = 12.0.0, >= 12.0.1, < 12.5.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

Affected: <= 11.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.

Affected: = *, >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 11.2.0, < 12.0.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.2, < 12.7.4, >= 11.3.0, < 12.5.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.

Affected: >= 12.6.0, < 12.6.6, < 12.5.9, >= 12.7.0, <= 12.7.2 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab through 12.7.2 allows XSS.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 12.4.0, < 12.5.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

Affected: >= 12.6.0, < 12.6.6, >= 8.8.0, < 12.5.9, >= 12.7.0, <= 12.7.2 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 10.1.0, < 12.5.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, < 12.7.4, >= 12.0, < 12.5.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 11.0.0, < 12.5.9 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab EE 11.0 and later through 12.7.2 allows XSS.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 11.11.0, < 12.5.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 8.0.0, < 12.5.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

Affected: >= 12.0.0, <= 12.7.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

Affected: >= 12.7.0, < 12.7.4, >= 12.7.0, <= 12.7.4, >= 12.6.0, < 12.6.6, < 12.5.9 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 8.9.0, < 12.5.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4.3 MEDIUM

GitLab EE 8.9 and later through 12.7.2 has Insecure Permissions.

Affected: >= 12.6.0, < 12.6.6, >= 12.7.0, <= 12.7.2, >= 8.9.0, < 12.5.9 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

GitLab EE 8.9 and later through 12.7.2 has Insecure Permissions.

Affected: >= 6.0.0, < 6.2.4, >= 6.0.0, < 6.2.1, >= 5.0.0, < 5.4.2 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

Affected: >= 6.0.0, < 6.2.4, >= 6.0.0, < 6.2.1, >= 5.0.0, < 5.4.2 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1, and gitlab-shell before 1.7.8 allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 10.8.0, < 11.11.6 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.

Affected: >= 11.5.0, < 11.11.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.8.0, < 11.11.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.6 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.6 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

A privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.

Affected: >= 12.2.0, < 12.2.8, >= 12.1.0, < 12.1.14, >= 12.3.0, < 12.3.5 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account.

Affected: >= 10.2.0, < 11.11.7 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.

Affected: >= 8.14.0, < 11.11.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.

Affected: >= 12.1.0, < 12.1.10 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

Affected: >= 9.0.0, < 11.11.7 | CVSS v3: 8.8 HIGH | CVSS v2: 6.8 MEDIUM

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, >= 12.1.0, < 12.1.12 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.

Affected: >= 12.3.0, <= 12.6.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

Affected: = 12.6.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

Affected: >= 10.8.0, <= 12.6.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

Affected: >= 8.9.0, <= 12.6.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

Affected: >= 5.1.0, <= 12.6.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.

Affected: >= 9.1.0, <= 12.6.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.

Affected: >= 8.13, <= 12.6.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.

Affected: >= 11.4.0, <= 12.6.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.

Affected: >= 11.0.0, <= 12.6.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.

Affected: >= 10.5.0, <= 12.3.8, >= 12.4.0, <= 12.4.5, >= 12.5.0, <= 12.5.3 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.

Affected: >= 12.4.0, <= 12.4.5, >= 12.5.0, <= 12.5.3, >= 11.3.0, <= 12.3.8 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.

Affected: >= 12.5.0, < 12.5.2, >= 12.4.0, < 12.4.5, >= 8.4.0, < 12.3.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.

Affected: >= 12.5.0, < 12.5.2, >= 12.4.0, < 12.4.5, >= 12.3.0, < 12.3.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.

Affected: >= 12.5.0, < 12.5.2, >= 8.14.0, < 12.3.8, >= 12.4.0, < 12.4.5 | CVSS v3: 5.8 MEDIUM | CVSS v2: 5 MEDIUM

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.

Affected: >= 8.90, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.

Affected: >= 9.0.0, < 12.5.1 | CVSS v3: 4.9 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

Affected: < 12.5.1 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).

Affected: >= 8.2.0, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.

Affected: >= 11.9.0, < 12.5.2 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.

Affected: >= 6.7.0, < 12.5.1 | CVSS v3: 8.8 HIGH | CVSS v2: 6.8 MEDIUM

GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.

Affected: >= 12.3.0, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.

Affected: >= 12.2.0, < 12.5.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

Affected: >= 11.3.0, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).

Affected: >= 10.8.0, < 12.5.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

Affected: < 12.5.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).

Affected: >= 12.5.0, < 12.5.1, >= 8.14.0, < 12.3.7, >= 12.4.0, < 12.4.4 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

Affected: >= 8.17.0, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).

Affected: >= 8.17.0, < 12.5.1 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).

Affected: >= 11.3.0, < 12.5.1 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.

Affected: >= 9.6.0, < 12.5.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 11.0.0, < 11.4.13 | CVSS v3: 7.2 HIGH | CVSS v2: 6.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.12.0, < 11.4.13 | CVSS v3: 6.3 MEDIUM | CVSS v2: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.7.0, < 11.4.13 | CVSS v3: 5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 11.2.0, < 11.4.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.10.0, < 11.4.13 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.17.0, < 11.4.13 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.4.0, < 11.4.13 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 11.2.0, < 11.4.13 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 11.3.0, < 11.4.13 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 9.1.0, < 11.4.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 11.3.0, < 11.4.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.10.0, < 11.4.13 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 9.3.0, < 11.4.13 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

Affected: >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1, >= 8.0.0, < 11.4.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.10 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields and take down the affected page.

Affected: >= 12.3.0, < 12.3.3, >= 12.2.0, < 12.2.7, < 12.1.13 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 5.5 MEDIUM

An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.10 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.12 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user to use git clone and pull if they had obtained a CI/CD token before.

Affected: < 12.3.3 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.10 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10: when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.12 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.12 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

Affected: >= 12.3.0, < 12.3.2, >= 12.2.0, < 12.2.6, < 12.1.12 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

Affected: >= 11.6.0, <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.

Affected: <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.

Affected: <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.

Affected: <= 12.4.0 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.

Affected: >= 8.17.0, <= 12.4.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration. It has Insecure Permissions (issue 1 of 4).

Affected: >= 11.0.0, <= 12.4.0 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.

Affected: >= 10.5.0, <= 12.4.0 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.

Affected: <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).

Affected: >= 11.3.0, <= 12.4.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.

Affected: >= 10.7.4, <= 12.4.0 | CVSS v3: 6.1 MEDIUM | CVSS v2: 5.8 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.

Affected: >= 8.15.0, <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 5.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).

Affected: >= 11.3.0, <= 12.3.0 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).

Affected: >= 11.8.0, <= 12.4.0 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions.

Affected: >= 10.5.0, <= 12.4.0 | CVSS v3: 2.7 LOW | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).

Affected: >= 8.15.0, <= 12.4.0 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

Affected: >= 11.3.0, <= 12.3.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.

Affected: >= 11.3.0, <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.

Affected: <= 12.4.0 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).

Affected: = 12.2.3 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 9.0.0, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 7.9.0, < 12.0.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.

Affected: >= 8.1.0, < 12.0.8, >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 12.0.0, < 12.0.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, < 12.0.8 | CVSS v3: 6.5 MEDIUM | CVSS v2: 6.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 8.6.0, < 12.0.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 7.12.0, < 12.0.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 12.0.0, < 12.0.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.

Affected: >= 12.2.0, < 12.2.3 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 10.1.0, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 11.2.0, < 12.0.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, < 12.0.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 12.0.0, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. There is an IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 11.10.0, < 12.0.8 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.

Affected: >= 11.9.4, < 11.10.1 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 8.15.0, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 10.8.0, < 12.0.8 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

Affected: >= 12.2.0, < 12.2.3, >= 12.1.0, < 12.1.8, >= 8.14.0, < 12.0.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.

Affected: >= 12.2.0, < 12.2.5, >= 12.1.0, < 12.1.9, >= 11.6.0, < 12.0.9 | CVSS v3: 7.1 HIGH | CVSS v2: 5.5 MEDIUM

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

Affected: < 11.5.8, >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.

Affected: >= 9.0.0, <= 9.5.10, >= 8.9.0, <= 8.17.8, >= 11.0.0, < 11.5.9, >= 11.6.0, < 11.6.7, >= 11.7.0, < 11.7.2, >= 10.0.0, <= 10.8.6 | CVSS v3: 3.7 LOW | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.9.0, < 11.5.8 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 11.0.0, < 11.5.8, >= 10.7.0, <= 10.8.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 11.0.0, < 11.5.8, >= 10.6.0, <= 10.8.7 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 11.0.0, < 11.5.8, >= 10.0.0, <= 10.8.7, >= 9.0.0, <= 9.3.7, >= 8.6.0, <= 8.17.8 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 11.0.0, < 11.5.8, >= 10.0.0, <= 10.8.7, >= 9.3.0, <= 9.3.7 | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

Affected: < 11.5.8, >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6 | CVSS v3: 5.4 MEDIUM | CVSS v2: 5.8 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering.

Affected: < 11.5.8, >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 10.0.0, < 11.5.8 | CVSS v3: 7 HIGH | CVSS v2: 6.8 MEDIUM

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 11.3.0, < 11.5.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.

Affected: < 11.5.8, >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.16.0, < 11.5.8 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 7.4.0, < 11.5.8 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.17.0, < 11.5.8, >= 8.3.0, < 11.5.8 | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.4.0, < 11.5.8 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 6.5.0, < 11.5.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.

Affected: >= 11.8.0, < 11.8.10, >= 11.9.0, < 11.9.11, >= 11.10.0, < 11.10.3 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.

Affected: >= 10.0.0, <= 10.8.7, >= 9.0.0, <= 9.3.7, >= 11.10.0, < 11.10.2, >= 11.9.0, < 11.9.10, >= 11.0.0, < 11.8.9 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

Affected: >= 10.0.0, <= 10.8.7, >= 9.0.0, <= 9.3.7, >= 11.10.0, < 11.10.2, >= 11.9.0, < 11.9.10, >= 11.0.0, < 11.8.9, >= 11.10.0, <= 11.10.2, >= 8.1.0, <= 8.17.8 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.

Affected: >= 11.10.0, < 11.10.2, >= 11.9.0, < 11.9.10, >= 6.0.0, < 11.8.9 | CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.

Affected: >= 11.10.0, < 11.10.2, >= 11.9.0, < 11.9.10, >= 8.6.0, < 11.8.9 | CVSS v3: 5.3 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.

Affected: >= 11.10.0, < 11.10.2, >= 11.9.0, < 11.9.10 | CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.

Affected: >= 5.4.0, < 11.8.9 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.7 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Affected: = 12.0.4, = 12.1.2 | CVSS v3: 7.2 HIGH | CVSS v2: 6.5 MEDIUM

An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.7 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

Affected: >= 11.11.2, < 11.11.7, >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Affected: >= 12.0.0, < 12.0.4, >= 12.1.0, < 12.1.2, >= 11.11.0, < 11.11.7 | CVSS v3: 3.5 LOW | CVSS v2: 4 MEDIUM

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Affected: >= 12.0, <= 12.1.4 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 11.0.0, < 11.3.11 | CVSS: 5 MEDIUM

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

Affected: >= 11.5.0, < 11.5.1 | CVSS: 4 MEDIUM

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.18.0, < 11.3.11 | CVSS v3: 7.7 HIGH | CVSS v2: 4 MEDIUM

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.3.0, < 11.3.11 | CVSS: 5 MEDIUM

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.

Affected: < 11.3.11, >= 11.3.12, < 11.4.8, >= 11.4.9, < 11.5.1 | CVSS: 5 MEDIUM

All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.

Affected: >= 11.5.0, < 11.5.1 | CVSS: 3.5 LOW

GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1 | CVSS: 4 MEDIUM

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.0.0, < 11.3.11 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.6.0, < 11.3.11 | CVSS: 6.4 MEDIUM

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 10.1.0, < 11.3.11 | CVSS: 4 MEDIUM

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

Affected: >= 8.3.0, < 11.3.11, >= 11.3.12, < 11.4.8, >= 11.4.9, < 11.5.1, >= 8.17.0, < 11.3.11 | CVSS: 4.3 MEDIUM

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 7.6.0, < 11.3.11 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 11.3.0, < 11.3.11 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.8.0, < 11.3.11 | CVSS: 6.5 MEDIUM

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 11.0.0, < 11.3.11 | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 10.0.0, < 11.3.11 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.6.0, < 11.3.11 | CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 11.0.0, < 11.3.11 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that allows an unauthorized user to view private group names.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, < 11.3.11 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 11.0.0, < 11.3.11 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.

Affected: >= 11.8.0, < 11.8.3, >= 11.0.0, < 11.7.7 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.

Affected: >= 11.8.0, < 11.8.1, >= 10.8.0, <= 10.8.7, >= 11.0.0, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 2.1 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).

Affected: >= 10.0.0, < 11.5.10, >= 11.6.0, < 11.6.8, >= 11.7.0, < 11.7.3 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).

Affected: >= 11.7.0, < 11.7.4 | CVSS: 6.4 MEDIUM

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.

Affected: < 11.5.8, >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6 | CVSS: 5 MEDIUM

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.14.0, < 11.5.8 | CVSS: 4 MEDIUM

An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.

Affected: = *, >= 11.6.0, < 11.6.8, >= 11.7.0, < 11.7.3, >= 11.5.0, < 11.5.10 | CVSS v3: 7.5 HIGH | CVSS v2: 5 MEDIUM

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.

Affected: >= 11.7.0, < 11.7.1, >= 11.6.0, < 11.6.6, >= 8.12.0, < 11.5.8 | CVSS: 4 MEDIUM

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.

Affected: >= 6.0.0, < 11.3.11, >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1 | CVSS: 6.4 MEDIUM

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.

Affected: >= 11.4.0, < 11.4.8, >= 11.5.0, < 11.5.1, >= 8.18.0, < 11.3.11 | CVSS: 5 MEDIUM

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

Affected: >= 9.4.0, < 11.4.13, >= 11.5.0, < 11.5.6, >= 11.6.0, < 11.6.1 | CVSS: 5 MEDIUM

An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The HMAC key was insecurely derived.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5.8 MEDIUM

An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 4 MEDIUM

An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5 MEDIUM

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 4 MEDIUM

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5.5 MEDIUM

An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 5 MEDIUM

An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
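Both EXIF entries in this table (this one and the 12.2.1 entry above) come down to the same omission: the upload path stored the image byte for byte, so the GPS, device and software tags a phone writes into the APP1 segment travelled with it. The block below is an added example, not GitLab's code, of a JPEG segment walker that drops the APP1 Exif and APP1 XMP segments and copies every other segment (JFIF APP0, quantisation tables, frame header, scan data) unchanged. The sample JPEG it runs on is constructed inline with a fake Exif block; it is not a real photo.

```javascript
// Added example, not GitLab's code: strip location-bearing metadata from a
// JPEG by removing its APP1 Exif and XMP segments.
const EXIF_SIG = Buffer.from([0x45, 0x78, 0x69, 0x66, 0x00, 0x00]);            // "Exif\0\0"
const XMP_SIG = Buffer.concat([Buffer.from('http://ns.adobe.com/xap/1.0/'), Buffer.from([0])]);

// Walk the marker segments that precede the scan. Returns each segment's
// byte range and kind, plus the offset of the first SOS/EOI marker; the
// entropy-coded data after that is copied through untouched.
function parseSegments(jpeg) {
  if (jpeg.length < 4 || jpeg[0] !== 0xff || jpeg[1] !== 0xd8) throw new Error('not a JPEG (no SOI)');
  const segments = [];
  let pos = 2;
  for (;;) {
    if (pos + 1 >= jpeg.length || jpeg[pos] !== 0xff) throw new Error(`marker expected at offset ${pos}`);
    while (jpeg[pos + 1] === 0xff) pos++;                 // 0xFF fill bytes may precede a marker
    const marker = jpeg[pos + 1];
    if (marker === 0xda || marker === 0xd9) return { segments, scanStart: pos }; // SOS or EOI
    let end;
    if (marker === 0x01 || (marker >= 0xd0 && marker <= 0xd7)) {
      end = pos + 2;                                      // TEM / RSTn carry no length field
    } else {
      if (pos + 4 > jpeg.length) throw new Error(`truncated segment header at offset ${pos}`);
      const len = jpeg.readUInt16BE(pos + 2);            // length includes its own two bytes
      if (len < 2 || pos + 2 + len > jpeg.length) throw new Error(`bad segment length at offset ${pos}`);
      end = pos + 2 + len;
    }
    const payload = jpeg.subarray(pos + 4, end);
    let kind = '';
    if (marker === 0xe1) {
      if (payload.subarray(0, EXIF_SIG.length).equals(EXIF_SIG)) kind = 'Exif';
      else if (payload.subarray(0, XMP_SIG.length).equals(XMP_SIG)) kind = 'XMP';
    }
    segments.push({ marker, start: pos, end, kind });
    pos = end;
  }
}

function hasLocationMetadata(jpeg) {
  return parseSegments(jpeg).segments.some((s) => s.kind === 'Exif' || s.kind === 'XMP');
}

// Rebuild the file without Exif/XMP. Orientation lives in Exif too, so an
// uploader that wants to keep it must re-encode the pixels first.
function stripExif(jpeg) {
  const { segments, scanStart } = parseSegments(jpeg);
  const kept = segments.filter((s) => s.kind !== 'Exif' && s.kind !== 'XMP');
  return Buffer.concat([
    jpeg.subarray(0, 2),
    ...kept.map((s) => jpeg.subarray(s.start, s.end)),
    jpeg.subarray(scanStart),
  ]);
}

function segment(marker, payload) {
  const header = Buffer.from([0xff, marker, 0, 0]);
  header.writeUInt16BE(payload.length + 2, 2);
  return Buffer.concat([header, payload]);
}

// Constructed sample: a structurally valid JPEG whose Exif segment holds a
// big-endian TIFF header followed by a GPS placeholder string.
const EXIF_PAYLOAD = Buffer.concat([
  EXIF_SIG,
  Buffer.from([0x4d, 0x4d, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x08]),
  Buffer.from('GPS:52.5200,13.4050'),
]);
const SAMPLE_JPEG = Buffer.concat([
  Buffer.from([0xff, 0xd8]),                                                   // SOI
  segment(0xe0, Buffer.from([0x4a, 0x46, 0x49, 0x46, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0])), // APP0 JFIF
  segment(0xe1, EXIF_PAYLOAD),                                                 // APP1 Exif
  segment(0xdb, Buffer.alloc(65)),                                             // DQT
  segment(0xc0, Buffer.from([8, 0, 1, 0, 1, 1, 1, 0x11, 0])),                  // SOF0, 1x1 grey
  Buffer.from([0xff, 0xda, 0x00, 0x08, 0x01, 0x01, 0x00, 0x00, 0x3f, 0x00]),    // SOS
  Buffer.from([0x00, 0xff, 0x00, 0x12]),                                       // scan data (stuffed FF00)
  Buffer.from([0xff, 0xd9]),                                                   // EOI
]);
```

Run `stripExif` on the upload before it is written to object storage, and treat a parse error as a reason to reject or re-encode rather than store the original: a file the walker cannot parse is exactly the one that might hide a segment in an unexpected place.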

Affected: < 11.7.8, >= 11.9.0, < 11.9.2, >= 11.8.0, < 11.8.4 | CVSS: 4 MEDIUM

An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.

Affected: >= 11.9.0, < 11.9.4, >= 11.8.0, < 11.8.6, < 11.7.10 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.

Affected: >= 11.9.0, < 11.9.7, >= 11.8.0, < 11.8.7, < 11.7.11 | CVSS v3: 6.5 MEDIUM | CVSS v2: 4 MEDIUM

An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.

Affected: = 11.5.0, >= 11.4.7, <= 11.4.9, >= 11.3.0, < 11.3.10, >= 11.4.0, < 11.4.6 | CVSS: 6.5 MEDIUM

GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.

Affected: = 11.5.0, >= 11.4.7, <= 11.4.9, >= 11.3.0, < 11.3.10, >= 11.4.0, < 11.4.6, <= 11.2.0 | CVSS: 4.3 MEDIUM

GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.

Affected: >= 11.8.0, < 11.8.1, >= 10.8.0, <= 10.8.7, >= 11.0.0, < 11.6.10 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.

Affected: >= 11.8.0, < 11.8.1, >= 11.7.0, < 11.7.6, >= 10.0.0, < 11.6.10 | CVSS: 6.4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5.8 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 7.5 HIGH

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).

Affected: >= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).

Affected: >= 11.7.0, < 11.7.1, >= 9.0.0, < 11.5.8, >= 11.6.0, < 11.6.6 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group.

Affected: < 11.5.8, >= 11.6.0, <= 11.6.5, >= 11.7.0, < 11.7.1 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
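The Affected column in these rows is a flat list of constraints: each `>=` or `>` is the lower bound of the `<` or `<=` that follows it, a `<` with no preceding lower bound is open below, and `=` pins a single release. Checking an instance against a row by eye is error-prone once a row carries three or four intervals, so here is an added example in JavaScript that parses that notation and reports which rows cover a given version. It is not code from the gitlab npm package or from GitLab; the grouping rule is an assumption about how the page writes its ranges, the three rows are copied from the entries above, and their titles are shortened here.

```javascript
// Added example (not code from the gitlab npm package or from GitLab): evaluate
// an instance version against the "Affected" notation used in this table.
// Assumed reading of the notation: a ">=" or ">" lower bound is paired with the
// "<" or "<=" that follows it; a "<"/"<=" with no preceding lower bound is open
// below; "=" is one exact version. Each such range is one affected interval and
// the version is affected if it falls in any of them.

function parseVersion(v) {
  return v.trim().split('.').map((part) => {
    if (!/^\d+$/.test(part)) throw new Error(`bad version: ${v}`);
    return Number.parseInt(part, 10);
  });
}

// Numeric comparison of dotted versions; missing components count as 0,
// so "8.11" and "8.11.0" compare equal, matching how the table writes ">= 8.11".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// ">= 11.7.0, < 11.7.1, >= 9.0.0, < 11.5.8" -> [{ lower, upper }, ...]
function parseAffected(spec) {
  const ranges = [];
  let open = null; // range still waiting for its upper bound
  for (const token of spec.split(',').map((t) => t.trim()).filter(Boolean)) {
    const m = /^(>=|<=|>|<|=)\s*(\S+)$/.exec(token);
    if (!m) throw new Error(`unparseable constraint: ${token}`);
    const [, op, ver] = m;
    parseVersion(ver); // fail early on a malformed version
    if (op === '=') {
      ranges.push({ lower: { op: '>=', ver }, upper: { op: '<=', ver } });
      open = null;
    } else if (op === '>=' || op === '>') {
      open = { lower: { op, ver }, upper: null };
      ranges.push(open);
    } else if (open) {
      open.upper = { op, ver };
      open = null;
    } else {
      ranges.push({ lower: null, upper: { op, ver } }); // open below
    }
  }
  return ranges;
}

function inRange(version, { lower, upper }) {
  if (lower) {
    const c = compareVersions(version, lower.ver);
    if (lower.op === '>=' ? c < 0 : c <= 0) return false;
  }
  if (upper) {
    const c = compareVersions(version, upper.ver);
    if (upper.op === '<=' ? c > 0 : c >= 0) return false;
  }
  return true;
}

// True if `version` falls in any interval of `spec`.
function isAffected(version, spec) {
  return parseAffected(spec).some((range) => inRange(version, range));
}

// Rows copied from this table's Affected column; titles shortened for the example.
const ROWS = [
  { title: 'UI misrepresentation of critical information',
    affected: '>= 11.8.0, < 11.8.1, < 11.6.10, >= 11.7.0, < 11.7.6' },
  { title: 'Project role retained after removal from private group',
    affected: '>= 11.7.0, < 11.7.1, >= 9.0.0, < 11.5.8, >= 11.6.0, < 11.6.6' },
  { title: 'Persistent XSS in user status field',
    affected: '< 11.5.8, >= 11.6.0, <= 11.6.5, >= 11.7.0, < 11.7.1' },
];

// Titles of every row whose ranges cover `version`.
function affectedRows(version, rows = ROWS) {
  return rows.filter((row) => isAffected(version, row.affected)).map((row) => row.title);
}

console.log('11.6.5:', affectedRows('11.6.5'));
console.log('11.6.6:', affectedRows('11.6.6'));
console.log('11.8.1:', affectedRows('11.8.1'));
```

Note that 11.6.6 is still flagged by the first row even though it is fixed for the other two: the open-below `< 11.6.10` interval covers every release before 11.6.10, which is what the description's "before 11.6.10" means. The rows further down that enumerate exact releases with `=` parse the same way, one single-version interval per entry.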

Affected: >= 11.5.0, < 11.5.5, >= 11.4.0, < 11.4.12, < 11.3.14 | CVSS: 5 MEDIUM

GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.

Affected: >= 11.0.0, < 11.3.13, >= 11.4.0, < 11.4.11, >= 11.5.0, < 11.5.4 | CVSS: 5 MEDIUM

GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.

Affected: < 11.3.12, >= 11.4.0, < 11.4.10, >= 11.5.0, < 11.5.3 | CVSS: 5 MEDIUM

GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.

Affected: < 11.4.0 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 11.2.0, < 11.2.7 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

Affected: >= 11.0.0, < 11.1.8, >= 11.3.0, < 11.3.2, >= 11.2.0, < 11.2.5 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.

Affected: >= 11.3.0, < 11.3.2, >= 11.2.0, < 11.2.5, >= 11.1.0, < 11.1.8 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.

Affected: >= 11.0.0, < 11.2.8, >= 11.3.0, < 11.3.9, >= 11.4.0, < 11.4.4 | CVSS: 7.5 HIGH

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

Affected: >= 11.0.0, < 11.1.8, >= 11.3.0, < 11.3.2, >= 11.2.0, < 11.2.5 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 11.2.0, < 11.2.7 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 8.11, < 11.2.7 | CVSS: 5.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 5.3, < 11.2.7 | CVSS: 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, < 11.2.7 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, < 11.2.7 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 8.10.0, < 11.2.7 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8, >= 10.4.0, < 11.2.7 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.

Affected: >= 11.4.0, < 11.4.3, >= 11.3.0, < 11.3.8 | CVSS: 7.5 HIGH

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

Affected: >= 8.10.0, < 11.0.6, >= 11.1.0, < 11.1.5, >= 11.2.0, < 11.2.2 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.

Affected: >= 8.10.0, < 11.0.6, >= 11.1.0, < 11.1.5, >= 11.2.0, < 11.2.2 | CVSS: 4 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.

Affected: >= 11.1.0, < 11.1.5, >= 11.2.0, < 11.2.2, >= 10.7.0, <= 10.7.7, >= 10.8.0, <= 10.8.6 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

Affected: >= 8.10.0, < 11.0.6, >= 11.1.0, < 11.1.5, >= 11.2.0, < 11.2.2 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.

Affected: < 10.7.6, >= 10.8.0, < 10.8.5, >= 11.0.0, < 11.0.1 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

Affected: < 10.7.6, >= 10.8.0, < 10.8.5, >= 11.0.0, < 11.0.1 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

Affected: >= 10.7.0, < 10.7.6 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

Affected: >= 11.1.0, < 11.1.2, >= 11.0.0, < 11.0.5, < 10.8.7 | CVSS: 6.8 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

Affected: >= 11.1.0, < 11.1.2, >= 11.0.0, < 11.0.5, < 10.8.7 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

Affected: >= 11.1.0, < 11.1.2, >= 11.0.0, < 11.0.5, < 10.8.7 | CVSS: 3.5 LOW

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

Affected: >= 11.1.0, < 11.1.2, >= 11.0.0, < 11.0.5, < 10.8.7 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

Affected: >= 11.1.0, < 11.1.2, >= 11.0.0, < 11.0.5, < 10.8.7 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

Affected: >= 11.1.0, < 11.1.2 | CVSS: 5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

Affected: < 10.7.7, >= 11.0, < 11.0.4, >= 10.8.0, < 10.8.6 | CVSS: 7.5 HIGH

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

Affected: >= 10.3.0, < 10.3.4, >= 10.2.0, < 10.2.6, < 10.1.6 | CVSS: 5 MEDIUM

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

Affected: >= 10.3.0, < 10.3.4, >= 10.2.0, < 10.2.6, < 10.1.6 | CVSS: 6.8 MEDIUM

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

Affected: >= 10.6.0, < 10.6.5, >= 10.7.0, < 10.7.2, < 10.5.8 | CVSS: 4.3 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

Affected: >= 8.3, < 10.3 | CVSS: 4 MEDIUM

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

Affected: >= 10.6.0, < 10.6.3, >= 10.5.0, < 10.5.7, >= 9.2, < 10.4.7 | CVSS: 4.3 MEDIUM

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

Affected: >= 10.6.0, < 10.6.3, >= 10.5.0, < 10.5.7, >= 8.4, < 10.4.7 | CVSS: 4.3 MEDIUM

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

Affected: <= 10.3.8, >= 10.5.0, <= 10.5.5, >= 10.4.0, <= 10.4.5 | CVSS: 7.5 HIGH

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

Affected: >= 8.8.0, <= 10.1.5, > 8.8.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, > 10.2.0, <= 10.2.5, >= 10.3.0, <= 10.3.3, > 10.3.0, <= 10.3.3 | CVSS: 4 MEDIUM

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component that allows an attacker to see every project name and its namespace on a GitLab instance.

Affected: >= 8.9.0, <= 9.5.10, >= 10.0.0, <= 10.1.5, >= 10.0.0, <= 10.1.15, >= 10.2.0, <= 10.2.5, > 10.2.0, <= 10.2.5, >= 10.3.0, <= 10.3.3, > 10.3.0, <= 10.3.3 | CVSS v3: 7.8 HIGH | CVSS v2: 6.8 MEDIUM

GitLab Community and Enterprise Editions version 10.3.3 are vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution.

Affected: >= 8.4.0, <= 9.5.10, >= 10.0.0, <= 10.1.5, >= 10.0.0, <= 10.1.15, >= 10.2.0, <= 10.2.5, > 10.2.0, <= 10.2.5, >= 10.3.0, <= 10.3.3, > 10.3.0, <= 10.3.3 | CVSS: 6.5 MEDIUM

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

Affected: >= 10.3.0, <= 10.3.3, >= 10.2.0, <= 10.2.5, >= 10.1.0, <= 10.1.5 | CVSS: 4.3 MEDIUM

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 8.8.0, <= 9.5.10 | CVSS: 6.5 MEDIUM

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 8.0.0, <= 9.5.10 | CVSS: 4 MEDIUM

GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in disclosure of a plaintext password.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 9.0.0, <= 9.5.10 | CVSS: 4.3 MEDIUM

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

Affected: = 9.5.10, = 10.1.5, = 10.2.5, = 10.3.3 | CVSS: 4.3 MEDIUM

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 9.1.0, <= 9.5.10 | CVSS: 5 MEDIUM

Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

Affected: >= 10.3.0, <= 10.3.3, >= 8.16.0, <= 9.5.10, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5 | CVSS: 4 MEDIUM

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 9.4.0, <= 9.5.10 | CVSS: 5 MEDIUM

Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

Affected: >= 10.3.0, <= 10.3.3, >= 10.0.0, <= 10.1.5, >= 10.2.0, <= 10.2.5, >= 8.9.0, <= 9.5.10 | CVSS: 7.5 HIGH

Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.

Affected: >= 10.3.0, <= 10.3.3, >= 10.2.0, <= 10.2.5, >= 8.8.0, <= 10.1.5 | CVSS: 7.5 HIGH

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

Affected: >= 6.0.0, <= 6.9.2, >= 7.0.0, < 7.4.3 | CVSS: 4 MEDIUM

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

Affected: = 9.4.1, = 9.4.0 | CVSS: 4.3 MEDIUM

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.

Affected: = 9.2.2, = 9.0.9, = 9.0.2, = 9.4.0, = 9.0.8, = 9.0.1, = 9.0.6, = 9.3.4, = 9.1.6, = 9.3.2, = 9.2.8, = 9.1.4, = 9.0.12, = 9.3.6, = 9.2.4, = 9.2.1, = 9.1.1, = 9.0.5, = 9.1.8, = 9.1.7, = 9.3.1, = 9.0.0, = 9.3.5, = 9.3.9, = 9.2.7, <= 8.17.7, = 9.4.3, = 9.1.0, = 9.1.2, = 9.1.9, = 9.0.3, = 9.0.10, = 9.3.0, = 9.3.7, = 9.2.5, = 9.2.9, = 9.4.2, = 9.4.1, = 9.3.3, = 9.1.5, = 9.0.4, = 9.3.8, = 9.2.0, = 9.2.6, = 9.1.3, = 9.0.11, = 9.2.3, = 9.0.7 | CVSS: 6.8 MEDIUM

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

Affected: = 9.2.2, = 9.0.9, = 9.0.2, = 9.0.8, = 9.0.1, = 9.0.6, = 9.1.6, = 9.1.7, = 9.1.1, = 9.2.7, = 9.1.5, = 9.2.4, = 9.0.5, = 9.0.4, = 9.2.5, = 9.1.4, = 9.1.0, = 9.0.0, = 9.2.1, = 9.2.0, = 9.1.3, = 9.0.10, = 9.0.3, = 9.2.3, = 9.0.7, = 9.2.6, = 9.1.2 | CVSS: 6.5 MEDIUM

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

Affected: = 8.11.6, = 8.5.10, = 8.12.0, = 8.7.7, = 8.7.4, = 8.11.9, = 8.7.8, = 8.9.2, = 8.14.1, = 8.9.0, = 8.9.5, = 8.11.8, = 8.17.2, = 8.8.3, = 8.12.6, = 8.17.5, = 8.17.6, = 8.9.10, = 8.13.2, = 8.13.3, = 8.5.5, = 8.5.0, = 8.6.6, = 8.7.1, = 8.13.0, = 8.5.2, = 8.5.9, = 8.6.3, = 8.8.8, = 8.12.9, = 8.14.4, = 8.15.4, = 8.16.5, = 8.6.7, = 8.6.8, = 8.6.9, = 8.7.0, = 8.10.0, = 8.11.11, = 8.11.3, = 8.14.0, = 8.14.10, = 8.6.1, = 8.10.4, = 8.10.5, = 8.10.6, = 8.12.1, = 8.13.11, = 8.16.6, = 8.16.8, = 8.5.6, = 8.5.13, = 8.7.3, = 8.8.9, = 8.10.2, = 8.10.13, = 8.11.0, = 8.11.10, = 8.12.12, = 8.13.10, = 8.14.5, = 8.15.3, = 8.15.6, = 8.7.2, = 8.7.9, = 8.9.7, = 8.10.3, = 8.10.9, = 8.11.1, = 8.12.11, = 8.12.2, = 8.13.1, = 8.13.6, = 8.13.8, = 8.14.2, = 8.15.2, = 8.16.3, = 8.17.0, = 8.8.4, = 8.8.5, = 8.8.6, = 8.10.1, = 8.10.10, = 8.10.11, = 8.11.2, = 8.11.4, = 8.12.4, = 8.12.5, = 8.12.7, = 8.12.8, = 8.13.9, = 8.15.7, = 8.15.8, = 8.16.0, = 8.16.1, = 8.5.1, = 8.6.0, = 8.7.5, = 8.7.6, = 8.9.11, = 8.9.3, = 8.10.7, = 8.12.10, = 8.13.4, = 8.14.6, = 8.14.8, = 8.15.0, = 8.15.1, = 8.16.7, = 8.16.9, = 8.5.3, = 8.5.4, = 8.17.4, = 8.5.8, = 8.6.2, = 8.6.4, = 8.8.0, = 8.8.2, = 8.8.7, = 8.9.1, = 8.9.4, = 8.9.6, = 8.10.8, = 8.11.5, = 8.11.7, = 8.12.3, = 8.13.5, = 8.13.7, = 8.14.3, = 8.16.2, = 8.16.4, = 8.17.1, = 8.17.3, = 8.5.12, = 8.5.7, = 8.6.5, = 8.8.1, = 8.10.12, = 8.14.9, = 8.5.11, = 9.0.9, = 9.0.2, = 9.0.8, = 9.0.1, = 9.0.6, = 9.0.5, = 9.0.4, = 9.0.3, = 9.0.10, = 9.0.7, = 9.0.0, = 9.1.6, = 9.1.7, = 9.1.1, = 9.1.4, = 9.1.0, = 9.1.5, = 9.1.2, = 9.1.3, = 9.2.2, = 9.2.1, = 9.2.4, = 9.2.7, = 9.2.6, = 9.2.5, = 9.2.3, = 9.2.0, = 9.3.4, = 9.3.1, = 9.3.3, = 9.3.5, = 9.3.0, = 9.3.6, = 9.3.7, = 9.3.2 | CVSS: 4 MEDIUM

GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

Affected: = 8.16.4, <= 8.14.9, = 8.15.2, = 8.15.3, = 8.15.5, = 8.16.2, = 8.15.4, = 8.16.1, = 8.15.0, = 8.16.0, = 8.15.1, = 8.16.3 | CVSS: 4.3 MEDIUM

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

Affected: = 8.16.5, = 8.6.7, = 8.17.3, = 8.13.3, = 8.13.2, = 8.12.0, = 8.16.4, = 8.15.6, = 8.4.10, = 8.14.2, = 8.14.3, = 8.15.2, = 8.15.3, = 8.4.9, = 8.17.2, = 8.16.7, = 8.10.13, = 8.12.7, = 8.14.0, = 8.7.0, = 8.6.8, = 8.2.3, = 8.2.1, = 8.14.1, = 8.15.5, = 8.2.5, = 8.11.0, = 8.14.4, = 8.14.5, = 8.15.0, = 8.15.1, = 8.5.0, = 8.4.0, = 8.17.0, = 8.15.4, = 8.6.0, = 8.5.11, = 8.3.0, = 8.2.4, = 8.13.0, = 8.10.0, = 8.3.9, = 8.11.9, = 8.11.10, = 8.16.0, = 8.16.1, = 8.16.2, = 8.16.3, = 8.7.1, = 8.2.2, = 8.2.0, = 8.14.6, = 8.17.1, = 8.16.6, = 8.15.7, = 8.5.12, = 8.3.8, = 8.12.8, = 8.10.12 | CVSS: 4 MEDIUM

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

Affected: = 8.13.6, = 8.14.1, = 8.13.3, = 8.13.2, = 8.13.0, = 8.14.0, = 8.13.1, = 8.13.4, = 8.13.5, = 8.13.7, = 8.14.2 | CVSS: 5 MEDIUM

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.

Affected: = 8.4.2, = 8.4.4, = 8.6.7, = 8.4.6, = 8.5.6, = 8.4.5, = 8.2.3, = 8.5.9, = 8.5.4, = 8.3.4, = 8.3.7, = 8.5.2, = 8.5.3, = 8.7.0, = 8.2.1, = 8.5.10, = 8.4.9, = 8.5.1, = 8.6.3, = 8.6.5, = 8.3.1, = 8.3.3, = 8.4.1, = 8.5.0, = 8.6.2, = 8.6.4, = 8.6.6, = 8.3.5, = 8.3.6, = 8.5.5, = 8.2.2, = 8.2.4, = 8.4.7, = 8.5.11, = 8.6.0, = 8.6.1, = 8.2.0, = 8.3.0, = 8.3.2, = 8.4.0, = 8.5.8, = 8.3.8, = 8.4.3, = 8.4.8, = 8.5.7 | CVSS: 6.5 MEDIUM

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

Affected: = 8.12.6, = 8.12.2, = 8.13.2, = 8.12.0, = 8.11.6, = 8.11.2, = 8.12.1, = 8.9.6, = 8.10.6, = 8.9.1, = 8.10.7, = 8.9.11, = 8.10.1, = 8.10.2, = 8.10.3, = 8.11.3, = 8.11.5, = 8.9.0, = 8.12.7, = 8.9.4, = 8.9.5, = 8.10.8, = 8.10.9, = 8.10.10, = 8.9.7, = 8.9.9, = 8.11.0, = 8.9.8, = 8.9.10, = 8.10.5, = 8.10.12, = 8.11.1, = 8.10.0, = 8.11.4, = 8.11.8, = 8.13.1, = 8.9.3, = 8.10.11, = 8.12.3, = 8.12.4, = 8.12.5, = 8.9.2, = 8.10.4, = 8.11.7, = 8.11.9, = 8.13.0 | CVSS: 4 MEDIUM

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.
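The entry above names the exact check that was missing: archive entries were extracted without first rejecting symbolic links, so a link inside the tar could point at any file the GitLab service account could read. Here is an added example, in JavaScript, of auditing a tar archive's headers before anything is written to disk; it is not GitLab's code. Field offsets follow the POSIX ustar header layout, the archive it inspects is constructed inline so the check runs offline, and the link target in that archive is an assumed illustration of the kind of secrets file the advisory refers to.

```javascript
// Added example (not GitLab's code): audit a tar archive's entry headers before
// anything is extracted, rejecting the entries the import/export flaw above did
// not check for. Field offsets are the POSIX ustar header layout.
const BLOCK = 512;

// NUL-terminated string field.
function readField(buf, off, len) {
  const raw = buf.subarray(off, off + len);
  const nul = raw.indexOf(0);
  return raw.toString('utf8', 0, nul === -1 ? raw.length : nul);
}

// Octal numeric field (size, mode, ...); empty field reads as 0.
function readOctal(buf, off, len) {
  const s = readField(buf, off, len).trim();
  return s === '' ? 0 : Number.parseInt(s, 8);
}

// Policy: regular files ('0' or NUL) and directories ('5') only; no symlinks
// ('2'), hardlinks ('1'), devices or extension headers; no absolute paths; no
// ".." path components. Returns one message per violation, empty if clean.
function auditTar(buf) {
  const problems = [];
  let off = 0;
  while (off + BLOCK <= buf.length) {
    const header = buf.subarray(off, off + BLOCK);
    if (header.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = readField(header, 345, 155);
    const base = readField(header, 0, 100);
    const name = prefix ? prefix + '/' + base : base;
    const type = String.fromCharCode(header[156] || 0x30); // NUL typeflag means regular file
    const size = readOctal(header, 124, 12);
    const linkname = readField(header, 157, 100);
    if (name.startsWith('/')) problems.push(name + ': absolute path');
    if (name.split('/').includes('..')) problems.push(name + ': path traversal');
    if (type === '2') problems.push(name + ': symlink -> ' + linkname);
    else if (type === '1') problems.push(name + ': hardlink -> ' + linkname);
    else if (type !== '0' && type !== '5') problems.push(name + ": entry type '" + type + "' not allowed");
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // skip the entry's data blocks
  }
  return problems;
}

// Build one ustar entry (header plus zero-padded data) for the constructed archive.
function tarEntry(name, type, content = '', linkname = '') {
  const size = Buffer.byteLength(content);
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0, 100);
  h.write('0000644\0', 100, 8);                                // mode
  h.write('0000000\0', 108, 8);                                // uid
  h.write('0000000\0', 116, 8);                                // gid
  h.write(size.toString(8).padStart(11, '0') + '\0', 124, 12); // size
  h.write('00000000000\0', 136, 12);                           // mtime
  h.write('        ', 148, 8);                                 // checksum field counted as spaces
  h.write(type, 156, 1);
  h.write(linkname, 157, 100);
  h.write('ustar\0', 257, 6);
  h.write('00', 263, 2);
  let sum = 0;
  for (const b of h) sum += b;
  h.write(sum.toString(8).padStart(6, '0') + '\0 ', 148, 8);
  const data = Buffer.alloc(Math.ceil(size / BLOCK) * BLOCK);
  data.write(content);
  return Buffer.concat([h, data]);
}

// Constructed archive: a clean directory and file, then the two entry kinds a
// naive extractor would follow. The link target is an assumed example of the
// secrets file the advisory describes, not a path taken from the page.
const ARCHIVE = Buffer.concat([
  tarEntry('project/', '5'),
  tarEntry('project/README.md', '0', 'hello\n'),
  tarEntry('project/config/secrets.yml', '2', '', '/etc/gitlab/gitlab-secrets.json'),
  tarEntry('../../../tmp/outside.txt', '0', 'x'),
  Buffer.alloc(BLOCK * 2),
]);

function auditConstructedArchive() {
  return auditTar(ARCHIVE);
}

console.log(auditConstructedArchive());
```

Run the audit over the whole archive and refuse the import on the first violation rather than skipping the bad entry: an import that silently drops a symlink still tells the attacker their archive was parsed. The strict type policy also rejects GNU long-name and PAX extension headers; if your exporter produces those, parse them and apply the same path rules to the name they carry.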

Affected: = 6.2.0, = 6.2.2, = 5.2.0, = 6.2.1, = 6.0.0, = 6.1.0, = 5.3.0, = 5.4.0 | CVSS: 6.5 MEDIUM

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

Affected: = 6.6.1, = 6.6.0 | CVSS: 4.3 MEDIUM

Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected: = 6.2.0, = 5.0.1, = 5.1.0, = 6.2.2, = 5.2.0, = 5.4.1, = 6.0.0, = 5.3.0, = 5.4.2, = 6.2.1, = 5.0.0, = 6.1.0, = 5.4.0 | CVSS: 6.5 MEDIUM

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

Affected: = 6.2.0, = 5.0.1, = 5.1.0, = 6.2.2, = 5.2.0, = 6.2.1, = 6.0.0, = 5.4.0, = 5.3.0, = 6.1.0, = 5.0.0 | CVSS: 6.5 MEDIUM

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

Affected: = 2.3.0, = 5.3.0, = 0.9.6, = 1.1.0, = 3.0.3, = 5.2.0, = 1.0.1, = 0.9.4, = 6.1.0, = 3.0.1, = 2.1.0, = 1.2.2, = 1.2.1, = 1.2.0, = 6.0.0, = 4.2.0, = 1.0.0, = 5.0.0, = 2.9.1, = 2.8.1, = 2.4.0, = 6.2.0, = 5.4.0, = 2.7.0, = 2.5.0, = 0.9.1, = 0.8.0, = 3.1.0, = 3.0.2, = 2.0.0, = 5.4.1, = 5.0.1, = 4.0.0, = 3.0.0, = 2.9.0, = 2.3.1, = 2.2.0, = 1.0.2, <= 6.2.3, = 6.2.1, = 5.4.2, = 4.1.0, = 6.2.2, = 5.1.0, = 2.8.0, = 2.6.0, <= 6.2.0 | CVSS: 6.8 MEDIUM

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote attackers to execute arbitrary code via a crafted change using SSH.

Affected: = 2.7.0, = 3.0.0, = 5.0.1, = 5.1.0, = 1.0.1, = 2.9.0, = 2.9.1, = 2.4.0, = 2.3.0, <= 5.4.1, = 3.0.1, = 1.2.0, = 1.0.2, = 4.0.0, = 3.0.3, = 2.8.0, = 2.0.0, = 1.2.1, = 0.9.4, = 2.3.1, = 0.8.0, = 5.2.0, = 3.1.0, = 3.0.2, = 2.8.1, = 2.1.0, = 0.9.1, = 1.1.0, = 5.3.0, = 2.6.0, = 1.0.0, = 5.0.0, = 4.2.0, = 4.1.0, = 2.5.0, = 2.2.0, = 5.4.0, = 1.2.2, = 0.9.6, = 6.1.0, = 6.2.0, = 6.0.0, <= 6.2.3, = 6.2.2, = 6.2.1, = 5.4.2, = 5.4.1, <= 6.2.0 | CVSS: 6.8 MEDIUM

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

Affected: = 6.0.0 | CVSS: 4.3 MEDIUM

Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.