Search CVE reports
1121 – 1130 of 1538 results
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
GitLab through 12.9 is affected by a potential DoS in repository archive download.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | Not in release | Not in release |
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
1 affected package
golang-github-buger-jsonparser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-buger-jsonparser | Not affected | Not affected | Vulnerable | Vulnerable |
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | Not in release | Not in release |
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | — | — | Not in release |