Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5831

Summary
Assigner-GitLab
Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At-06 Nov, 2023 | 10:30
Updated At-02 Jun, 2026 | 04:13
Rejected At-
Credits

Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitLab
Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At:06 Nov, 2023 | 10:30
Updated At:02 Jun, 2026 | 04:13
Rejected At:
▼CVE Numbering Authority (CNA)
Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.

Affected Products
Vendor
GitLab Inc.GitLab
Product
GitLab
Repo
git://git@gitlab.com:gitlab-org/gitlab.git
CPEs
  • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 16.0 before 16.3.6 (semver)
  • From 16.4 before 16.4.2 (semver)
  • From 16.5 before 16.5.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-201CWE-201: Insertion of Sensitive Information Into Sent Data
Type: CWE
CWE ID: CWE-201
Description: CWE-201: Insertion of Sensitive Information Into Sent Data
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to version 16.3.6, 16.4.1, 16.5.1. Risk can also be mitigated by disabling the default-disabled `super_sidebar_logged_out` feature flag if it was previously enabled.

Configurations
Workarounds
Exploits
Credits
finder
This vulnerability was discovered internally by the GitLab team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab/-/issues/428919
issue-tracking
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/428919
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab/-/issues/428919
issue-tracking
x_transferred
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/428919
Resource:
issue-tracking
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@gitlab.com
Published At:06 Nov, 2023 | 11:15
Updated At:03 Oct, 2024 | 07:15

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
GitLab Inc.
gitlab
>>gitlab>>Versions from 16.0.0(inclusive) to 16.3.6(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 16.0.0(inclusive) to 16.3.6(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 16.4.0(inclusive) to 16.4.2(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 16.4.0(inclusive) to 16.4.2(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
GitLab Inc.
gitlab
>>gitlab>>16.5.0
cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>16.5.0
cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-201Secondarycve@gitlab.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-201
Type: Secondary
Source: cve@gitlab.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/gitlab-org/gitlab/-/issues/428919cve@gitlab.com
Broken Link
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/428919
Source: cve@gitlab.com
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2019-20148
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.90% / 55.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:52
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2019-20143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.42%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 20:03
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-19258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 16:28
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2019-18456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.42%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:04
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-19254
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 60.84%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 15:51
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18452
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.42%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:41
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-19256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 16:22
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.42%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 15:24
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-4008
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.34%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 06:31
Updated-02 Jun, 2026 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Ownership Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-708
Incorrect Ownership Assignment
CVE-2023-3914
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 28.41%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 06:02
Updated-28 Apr, 2026 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect User Management in GitLab

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLabgitlab
CWE ID-CWE-286
Incorrect User Management
CVE-2019-15732
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 71.96%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:59
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2019-15726
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.65% / 73.52%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:51
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2019-15738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.54% / 71.77%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 17:03
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-15581
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.97% / 57.14%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 02:43
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab EE
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-15579
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.29%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 02:45
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab CE/EE
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-15727
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.54% / 71.77%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:53
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-2408
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.94%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 12:30
Updated-07 Aug, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2019-15740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.61% / 72.79%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 17:05
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-3362
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 36.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 02:08
Updated-20 Mar, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Generation of Error Message Containing Sensitive Information in GitLab

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-7974
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:51
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2023-1167
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 42.42%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2023-1710
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 51.36%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-0319
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.74% / 49.97%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-0223
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 51.36%
||
7 Day CHG~0.00%
Published-09 Mar, 2023 | 00:00
Updated-28 Feb, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2025-4976
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 30.93%
||
7 Day CHG+0.02%
Published-24 Jul, 2025 | 06:05
Updated-28 Jul, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CVE-2022-4255
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 38.36%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2022-4201
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.55% / 41.50%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-3793
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 41.00%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2020-15525
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.06% / 60.16%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 13:52
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2022-3375
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.80% / 51.66%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-535
Exposure of Information Through Shell Error Message
CVE-2022-3031
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-0.51% / 39.19%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2018-20492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 16:44
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-2539
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 44.69%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:09
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2025-2469
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-0.32% / 24.08%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 13:30
Updated-07 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Debug Messages Revealing Unnecessary Information in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CVE-2022-2281
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-2.6||LOW
EPSS-0.73% / 49.51%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 15:48
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2022-2270
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.68% / 47.73%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 16:31
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1963
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.12% / 61.86%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 17:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2020-7976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:26
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2020-6832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 19:47
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2022-1426
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-2||LOW
EPSS-0.85% / 53.33%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:35
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-287
Improper Authentication
CVE-2022-0172
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 50.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:51
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2020-10085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.95%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:44
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2018-20495
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 55.94%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:24
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 53.62%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 14:47
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-19577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.15% / 79.75%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 14:59
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-2531
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.09% / 61.14%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:09
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-2534
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-2.2||LOW
EPSS-0.55% / 41.57%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:11
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2018-17453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 39.93%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2022-1352
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.24% / 65.36%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:30
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-1188
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-1.01% / 58.72%
||
7 Day CHG+0.06%
Published-04 Apr, 2022 | 19:46
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found