Filtered by vendor Gitlab Subscriptions
Total 1086 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0326 1 Gitlab 1 Dynamic Application Security Testing Analyzer 2024-08-02 5 Medium
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.
CVE-2023-0319 1 Gitlab 1 Gitlab 2024-08-02 5.8 Medium
An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.
CVE-2023-0223 1 Gitlab 1 Gitlab 2024-08-02 5.3 Medium
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.
CVE-2023-0155 1 Gitlab 1 Gitlab 2024-08-02 5.4 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown
CVE-2023-0042 1 Gitlab 1 Gitlab 2024-08-02 6.1 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2023-0050 1 Gitlab 1 Gitlab 2024-08-02 8.7 High
An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.