Vulnerabilities in GitLab
1,068 resultsCVE-2020-13266MEDIUMInsecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other userEPSS 0.6%CVE-2023-6955MEDIUMMissing Authorization in GitLabEPSS 0.6%CVE-2026-1092HIGHImproper Validation of Specified Quantity in Input in GitLabEPSS 0.6%CVE-2022-4007MEDIUMA issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9EPSS 0.5%CVE-2022-1983MEDIUMIncorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, alloEPSS 0.5%CVE-2024-1250MEDIUMPrivilege Chaining in GitLabEPSS 0.5%CVE-2023-2190MEDIUMAuthorization Bypass Through User-Controlled Key in GitLabEPSS 0.5%CVE-2022-2534LOWAn issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before EPSS 0.5%CVE-2022-4201LOWA blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to cEPSS 0.5%CVE-2023-3441MEDIUMExposure of Sensitive Information Due to Incompatible Policies in GitLabEPSS 0.5%CVE-2023-5226MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.5%CVE-2021-39886LOWPermissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up tEPSS 0.5%CVE-2024-5067MEDIUMExposure of Sensitive Information to an Unauthorized Actor in GitLabEPSS 0.5%CVE-2024-8311MEDIUMImproper Protection of Alternate Path in GitLabEPSS 0.5%CVE-2024-10240MEDIUMExposure of Sensitive System Information to an Unauthorized Control Sphere in GitLabEPSS 0.5%CVE-2022-4167MEDIUMIncorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2EPSS 0.5%CVE-2022-4317MEDIUMAn issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request heaEPSS 0.5%CVE-2023-3949MEDIUMInsertion of Sensitive Information Into Sent Data in GitLabEPSS 0.5%CVE-2024-1299MEDIUMPrivilege Chaining in GitLabEPSS 0.5%CVE-2026-1102MEDIUMAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.5%