GitLab
Products: GitLab
Score: 40.6, CVEs: 64, Active: 1, PoC: 63, KEV: 1, Rank: #51

| CVE ID | Published | CVSS | Exploit | KEV | AC | PR | Auto | Score | Affected Products | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-9807 | 2026-05-28 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization enforcem |
| CVE-2026-1402 | 2026-05-27 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation. |
| CVE-2026-2601 | 2026-05-27 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to impr |
| CVE-2026-6713 | 2026-05-27 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks. |
| CVE-2025-0186 | 2026-04-22 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to |
| CVE-2025-3922 | 2026-04-22 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resourc |
| CVE-2025-6016 | 2026-04-22 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain con |
| CVE-2025-9957 | 2026-04-22 | 2.7v3.1 | POC | — | Low | High | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper |
| CVE-2026-1660 | 2026-04-22 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation. |
| CVE-2026-1092 | 2026-04-08 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads. |
| CVE-2026-1752 | 2026-04-08 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the |
| CVE-2025-13078 | 2026-03-25 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration |
| CVE-2025-14513 | 2026-03-11 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON pa |
| CVE-2026-0602 | 2026-03-11 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in |
| CVE-2026-1069 | 2026-03-11 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances. |
| CVE-2026-1388 | 2026-02-25 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under |
| CVE-2026-1725 | 2026-02-25 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint. |
| CVE-2026-1747 | 2026-02-25 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages. |
| CVE-2026-1080 | 2026-02-11 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoi |
| CVE-2026-1387 | 2026-02-11 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQL. |
| CVE-2026-1456 | 2026-02-11 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing i |
| CVE-2026-1458 | 2026-02-11 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files. |
| CVE-2025-1540 | 2025-03-06 | 3.1v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances. |
| CVE-2024-9631 | 2025-02-05 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow. |
| CVE-2023-3441 | 2024-10-01 | 6.6v3.1 | POC | — | High | High | no | 0.0 | GitLab | An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. |
| CVE-2024-0861 | 2024-02-21 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions. |
| CVE-2023-6840 | 2024-02-07 | 6.7v3.1 | POC | — | Low | High | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. |
| CVE-2024-0402 | 2024-01-26 | 9.9v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. |
| CVE-2023-7028 | 2024-01-12 | 10.0v3.1 | ACTIVE | YES | Low | None | YES | 40.6 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an u |
| CVE-2023-5061 | 2023-12-15 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the RES |
| CVE-2023-3949 | 2023-12-01 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint wh |
| CVE-2023-3964 | 2023-12-01 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled i |
| CVE-2023-3246 | 2023-11-06 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor. |
| CVE-2023-3399 | 2023-11-06 | 8.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom pr |
| CVE-2023-5825 | 2023-11-06 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhau |
| CVE-2023-3115 | 2023-09-29 | 5.4v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. |
| CVE-2023-3413 | 2023-09-29 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only |
| CVE-2023-3914 | 2023-09-29 | 5.4v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. |
| CVE-2023-3917 | 2023-09-29 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. |
| CVE-2023-3979 | 2023-09-29 | 3.1v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the me |
| CVE-2023-4532 | 2023-09-29 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. |
| CVE-2023-5198 | 2023-09-29 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. |
| CVE-2023-3205 | 2023-09-01 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. |
| CVE-2023-3210 | 2023-09-01 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. |
| CVE-2023-3915 | 2023-09-01 | 6.5v3.1 | POC | — | Low | High | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges o |
| CVE-2023-3950 | 2023-09-01 | 5.5v3.1 | POC | — | Low | High | no | 0.0 | GitLab | An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. |
| CVE-2023-4018 | 2023-09-01 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. |
| CVE-2023-4378 | 2023-09-01 | 5.5v3.1 | POC | — | Low | High | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configur |
| CVE-2023-4647 | 2023-09-01 | 5.3v3.1 | POC | — | High | Low | YES | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. |
| CVE-2023-4002 | 2023-08-04 | 5.3v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups t |
| CVE-2023-3932 | 2023-08-03 | 5.3v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan poli |
| CVE-2023-4008 | 2023-08-03 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known. |
| CVE-2023-2022 | 2023-08-02 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have ac |
| CVE-2023-3500 | 2023-08-02 | 4.8v3.1 | POC | — | High | None | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perfo |
| CVE-2023-3900 | 2023-08-02 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. |
| CVE-2023-3994 | 2023-08-02 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferen |
| CVE-2023-0632 | 2023-08-01 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. |
| CVE-2023-1210 | 2023-08-01 | 3.1v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domai |
| CVE-2023-3364 | 2023-08-01 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilte |
| CVE-2023-3385 | 2023-08-01 | 6.3v3.1 | POC | — | High | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files v |
| CVE-2023-1401 | 2023-07-26 | 5.0v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization. |
| CVE-2023-2190 | 2023-07-13 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the proj |
| CVE-2023-2576 | 2023-07-13 | 4.3v3.1 | POC | — | Low | Low | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch. |
| CVE-2023-2620 | 2023-07-13 | 5.5v3.1 | POC | — | Low | High | no | 0.0 | GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This |

Each CVE: 10 pts base (Active only), boosted by:
KEV ×2.0, AC: Low ×1.2, PR: None ×1.3, PR: Low ×1.1, Auto ×1.3