Gitlab
Monthly
Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private project resources despite administrative revocation. Affected are all GitLab CE/EE instances running versions 18.9 through 18.10.6, 18.11 through 18.11.3, and 19.0.0 - patched versions 18.10.7, 18.11.4, and 19.0.1 were released 2026-05-27. A publicly available exploit exists via HackerOne report #3554993, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.
Unauthorized CI data access in GitLab CE/EE allows an authenticated low-privileged user to read CI pipeline data from a ref type (branch, tag, or merge request ref) other than the one they are authorized to view, under certain unspecified conditions. All GitLab installations - both Community and Enterprise editions - running versions from 12.7 through the unpatched releases are affected. The vulnerability is classified as information disclosure with low confidentiality impact; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.
Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated network attackers due to incorrect authorization checks (CWE-863). All GitLab installations running versions from 18.2 through the patched releases are affected - both Community and Enterprise editions. While the direct impact is limited to information disclosure (project enumeration rather than content access), exposed project names and IDs can facilitate targeted follow-on attacks against otherwise hidden repositories. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Authorization bypass in GitLab Enterprise Edition allows authenticated users holding only developer-role permissions to circumvent flow restrictions when foundational flows are enabled at the group level. Affecting all EE versions from 18.7 through 19.0 (prior to the respective patch releases), this flaw stems from missing authorization checks (CWE-862) and results in a low-integrity-impact, network-accessible exploitation path. No active exploitation has been identified (SSVC: Exploitation none), and GitLab has released patches across all affected branches as of 2026-05-27.
Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo AI workflows to execute under another user's identity, crossing the trust boundary between accounts (CVSS scope: changed). The flaw stems from improper user identity resolution and affects GitLab Enterprise Edition 18.8 through 18.10.6, 18.11 through 18.11.3, and 19.0, with High confidentiality and integrity impact but no availability impact. No public exploit has been identified, CISA's SSVC marks exploitation as 'none,' and the High attack complexity (AC:H) combined with the 'under certain conditions' caveat indicates exploitation is non-trivial rather than push-button.
GitLab Enterprise Edition exposes sensitive deployment data to authenticated users holding only developer-role permissions due to missing authorization checks on deployment-related project resources (CWE-862). Affected versions span a wide range - all EE releases from 11.5 through 18.10.6, 18.11.0 through 18.11.3, and 19.0.0 - making this broadly applicable across unpatched GitLab EE deployments. No public exploit identified at time of analysis per CISA KEV, though SSVC intelligence indicates proof-of-concept code exists, and a HackerOne report (3556381) corroborates researcher discovery.
Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, allowing a low-privileged authenticated user to crash or degrade service availability through insufficient input validation. The root cause is CWE-770 (resource allocation without limits or throttling), meaning a specially crafted request can exhaust server-side resources under certain conditions. Publicly available exploit code exists per SSVC assessment, though CISA has not added this to the Known Exploited Vulnerabilities catalog and automated mass exploitation is considered unlikely.
VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.
Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands through the unsanitized reference field. The GitHubRepository block concatenates user input directly into git clone commands, enabling attackers to inject malicious options that can lead to SSRF, credential theft, or remote code execution. While no active exploitation is confirmed, the straightforward attack vector and high impact make this a priority for organizations using Prefect's GitHub integration features.
Unauthenticated agent token theft in Coder v2 (self-hosted developer workspace platform) stems from azureidentity.Validate() verifying the PKCS#7 signer's certificate chain but skipping signature verification of the signed content itself. Remote attackers who know a target VM's vmId (a UUIDv4) can forge a PKCS#7 envelope containing a legitimate Azure certificate alongside attacker-controlled content and POST it to the unauthenticated /api/v2/workspaceagents/azure-instance-identity endpoint to receive the victim workspace agent's session token, which then unlocks Git SSH keys, OAuth tokens for GitHub/GitLab/Bitbucket, and workspace secrets. No public exploit identified at time of analysis, but the vulnerability is vendor-confirmed via GHSA-6x44-w3xg-hqqf and a detailed root-cause analysis with attack-path diagram is published.
Broken access control in Arcane's GitOps backend (versions <= 1.18.1) allows any authenticated low-privilege user to exfiltrate plaintext Git credentials (PATs/SSH keys) stored for source-of-truth repositories. Eight of nine /api/customize/git-repositories endpoints omit the checkAdmin() gate, letting a 'user' role attacker repoint a repository URL to an attacker-controlled host and trigger a /test or /branches call that transmits the decrypted token via HTTP Basic auth. No public exploit identified at time of analysis, but the GHSA advisory documents a complete attack chain and a patched release (1.19.0) is available.
{option}` or `/gitlab webhook {option}`, resulting in availability impact (A:H) to the Gitlab plugin infrastructure. CVSS 6.5 reflects moderate risk, with EPSS data and active exploitation status not available at time of analysis.
Unauthenticated remote access to GitLab API operations via gitlab-mcp-server's SSE transport allows attackers to execute all 86 exposed GitLab management tools, including repository deletion, file modification, and configuration changes, using the operator's Personal Access Token. When configured with USE_SSE=true (a documented feature), the Node.js server binds to 0.0.0.0 with wildcard CORS headers, enabling both network-adjacent attackers and malicious web pages to invoke destructive operations without credentials. Public exploit code demonstrates the attack path from initial SSE connection through authenticated GitLab API calls. Patch version 0.6.0 addresses the authentication bypass per GitHub advisory GHSA-8jr5-6gvj-rfpf.
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to open a popup on the attacker-controlled host instead of gitlab.com. This can lead to credential phishing and session state token exfiltration. This issue has been patched in version 29.7.9.
Policy rollback vulnerability in gittuf versions up to 0.13.1 allows attackers with push access to the Reference State Log (RSL) to downgrade repository policies to previously signed versions, bypassing security controls. An attacker cannot roll back to policies that would be unsigned by the current root keys, but can selectively choose any valid prior policy state. Vendor-released patch: gittuf v0.14.0 introduces monotonically increasing version numbers to all policy metadata to prevent rollback attacks.
Cross-site scripting (XSS) in GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to inject unauthorized content into other users' browsers through improper input validation in the Mermaid diagram sandbox. An attacker must have valid GitLab credentials and the victim must view a malicious diagram, limiting real-world impact despite the publicly available exploit code. SSVC analysis rates this as non-automatable with partial technical impact, consistent with the low CVSS 3.5 score.
Cross-Site Request Forgery (CSRF) in GitLab CE/EE allows remote unauthenticated attackers to execute GraphQL mutations as authenticated victims through crafted web pages. Affects all versions from 17.0 through 18.11.0, with publicly available exploit code (HackerOne report 3627285). Despite high CVSS 8.1, exploitation requires user interaction (phishing/social engineering) and is not automatable per CISA SSVC framework. No evidence of active exploitation in CISA KEV at time of analysis. Vendor patches released: 18.9.6, 18.10.4, and 18.11.1.
Authenticated users can trigger denial of service in GitLab CE/EE versions 10.6 through 18.11.0 by sending crafted requests to the discussions endpoint that exhaust server resources. The vulnerability requires valid authentication credentials and affects versions from 10.6 onward across the 18.9, 18.10, and 18.11 release branches. Publicly available exploit code exists; CISA has not yet listed this in the Known Exploited Vulnerabilities catalog, but active exploitation likelihood is moderate given public POC availability and the low complexity of resource exhaustion attacks.
Authenticated users can trigger denial of service in GitLab by overwhelming system resources through the GraphQL API due to insufficient resource allocation limits. Affected versions span from 12.4 through 18.11.0 across three release branches. Publicly available exploit code exists, though active exploitation has not been confirmed in CISA KEV. CVSS 6.5 reflects moderate severity with high availability impact but requires valid authentication.
Denial of service in GitLab CE/EE affects authenticated users who can trigger resource exhaustion when retrieving notes under specific conditions, causing service unavailability. Versions 9.2 through 18.9.5, 18.10.0 through 18.10.3, and 18.11.0 are vulnerable. An authenticated attacker with standard user privileges can exploit this remotely without user interaction via crafted note retrieval requests. A publicly available exploit exists, and patches have been released by GitLab.
Authenticated project owners in GitLab CE/EE versions 11.2-18.9.5, 18.10-18.10.3, and 18.11-18.11.0 can bypass group fork prevention settings due to improper authorization checks, allowing them to create forks when they should be restricted. The vulnerability requires authentication and high-privilege access (project owner role), resulting in low severity (CVSS 2.7). Publicly available exploit code exists and patch versions have been released by the vendor.
Denial of service in GitLab CE/EE versions 12.3 through 18.11.0 allows authenticated users to trigger excessive resource consumption during issue import operations due to improper input validation on user-supplied data. The vulnerability affects all minor versions from 12.3 onwards until patched versions 18.9.6, 18.10.4, and 18.11.1. Publicly available exploit code exists, and CISA SSVC assessment indicates the vulnerability is exploitable but not automatable at scale.
Cross-site scripting vulnerability in GitLab's Storybook development environment allows remote unauthenticated attackers to steal access tokens via crafted user interaction. Affects GitLab CE/EE versions 16.1.0 through 18.9.5, 18.10 through 18.10.3, and 18.11.0. Publicly available exploit code exists (HackerOne report 3574642), though CISA SSVC indicates no confirmed active exploitation at time of analysis. CVSS 8.0 reflects high confidentiality and integrity impact with scope change, but CVSS vector AC:H (high complexity) and UI:R (user interaction required) indicate exploitation requires targeted social engineering rather than automated mass exploitation.
GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to bypass access controls and read titles of confidential or private issues in public projects through improper validation in the issue description rendering process. The vulnerability requires valid user credentials but no elevated privileges, affecting the confidentiality of issue metadata that should be restricted. Publicly available exploit code exists, and a vendor patch is available.
Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0-18.10.3 and 18.11.0 enables unauthenticated attackers to execute arbitrary JavaScript in victim browser sessions via improper path validation. GitLab disclosed this vulnerability with publicly available exploit code (HackerOne report 3572231), though CISA SSVC indicates no active exploitation confirmed at time of analysis. CVSS 8.0 reflects the changed scope (S:C) allowing impact beyond the vulnerable component, though High attack complexity (AC:H) and required user interaction (UI:R) limit ease of exploitation. Patched in versions 18.10.4 and 18.11.1.
GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 allow authenticated users to access Virtual Registries using invalidated or incorrectly scoped credentials under certain conditions, resulting in unauthorized information disclosure and modification. The vulnerability requires valid user credentials and network access but no user interaction, affecting confidentiality and integrity with partial technical impact per SSVC. No public exploit code or active exploitation has been identified at time of analysis.
Credential leakage in Tekton Pipelines git resolver allows authenticated users to exfiltrate system-configured Git API tokens (GitHub PAT, GitLab tokens) by directing the resolver to attacker-controlled endpoints. Affects versions 1.0.0 through 1.10.0 when users omit the token parameter in TaskRun or PipelineRun configurations. CVSS 7.7 with scope change reflects cross-tenant credential theft potential in multi-tenant Kubernetes environments. No active exploitation confirmed (not in CISA KEV), but exploitation is straightforward for authenticated cluster users with TaskRun/PipelineRun creation privileges.
Improper access control in GitLab CE/EE 16.9.6-18.10.2 enables authenticated attackers to invoke unauthorized server-side methods via websocket connections, achieving high-severity information disclosure with changed scope. Affects continuous integration/deployment platforms running vulnerable GitLab instances. Exploitation requires low-privilege authentication but no user interaction, enabling lateral information access across security boundaries.
Improper authorization checks in GitLab CE/EE versions 18.2-18.10.2 allow authenticated users with custom role permissions to demote or remove higher-privileged group members, violating role-based access control boundaries. The vulnerability requires high-privilege authentication and results only in integrity compromise (member privilege modification), not data exposure or availability loss. CVSS score of 2.7 reflects the restricted attack surface, though the reputational and operational risk of privilege escalation via role abuse warrants timely patching.
Stored cross-site scripting (XSS) in GitLab EE customizable analytics dashboards allows authenticated users to execute arbitrary JavaScript in other users' browsers due to improper input sanitization. Affected versions include 18.2-18.8.8, 18.9-18.9.4, and 18.10-18.10.2. An attacker with valid GitLab credentials can craft malicious dashboard configurations that execute when other users view the dashboard, potentially stealing session tokens, modifying visible data, or performing actions on behalf of the victim. No public exploit code or active exploitation in the wild has been confirmed; patches are available.
GitLab EE versions 18.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 allow authenticated users with auditor role privileges to modify vulnerability flag data in private projects due to improper authorization checks. The vulnerability requires valid GitLab credentials and auditor-level access but enables unauthorized data integrity compromise within project security contexts.
GitLab CE/EE versions 18.2-18.10.2 allow authenticated users to export confidential issues assigned to other users via CSV export due to missing authorization validation. The vulnerability affects approximately three release branches with a moderate CVSS score of 4.3, limited by the requirement for prior authentication and lack of integrity impact, but represents a direct confidentiality breach in multi-tenant environments where issue classification is a security boundary.
GitLab EE versions 11.3 through 18.10.2 allow authenticated developers to modify protected environment settings through improper authorization checks in the API, enabling privilege escalation within project scope. The vulnerability requires valid developer credentials and network access but allows an attacker to alter security-critical environment configurations without appropriate permissions. CVSS 4.3 (low severity) reflects limited scope and integrity-only impact; no public exploit or active exploitation via CISA KEV has been confirmed.
Authenticated users can leak IP addresses of other users viewing Code Quality reports in GitLab EE through specially crafted malicious content injection. The vulnerability affects GitLab EE versions 18.0.0 through 18.10.2, requires user interaction (report viewing), and has been patched in versions 18.8.9, 18.9.5, and 18.10.3. No public exploit code or active exploitation has been confirmed; the vulnerability was discovered and reported through the GitLab responsible disclosure program.
Denial of service in GitLab EE 18.2-18.10 allows authenticated users to crash the GitLab instance through improper input validation in GraphQL queries. GitLab EE versions 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 are affected. An authenticated attacker with any valid GitLab account can trigger the vulnerability by submitting a malformed GraphQL query, causing the instance to become unavailable. No public exploit code has been identified at the time of analysis, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
Denial of service in GitLab CE/EE versions 12.10 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 allows unauthenticated remote attackers to crash GitLab services via malformed JSON payloads. Improper input validation (CWE-1284) enables resource exhaustion attacks without authentication. CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no user interaction. No public exploit identified at time of analysis. EPSS data unavailable; not listed in CISA KEV.
Authenticated users in GitLab EE versions 16.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 can expose other users' email addresses through specific GraphQL queries due to improper authorization checks. An authenticated attacker can enumerate valid user accounts and retrieve their email addresses without additional privileges, violating confidentiality. No public exploit code or active exploitation has been confirmed; patches are available in GitLab 18.8.9, 18.9.5, and 18.10.3.
Denial of service in GitLab CE/EE versions 13.0 through 18.10.2 allows unauthenticated remote attackers to exhaust server resources via repeated GraphQL queries. Affects all installations from version 13.0 before patched releases 18.8.9, 18.9.5, and 18.10.3. Attackers can degrade or halt GitLab service availability without authentication, impacting development workflows and CI/CD pipelines. No public exploit identified at time of analysis.
Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.
GitLab CE/EE contains a denial of service vulnerability in webhook configuration processing that allows authenticated users to consume excessive server resources, affecting versions 16.10 through 18.10.0. An attacker with valid GitLab credentials can trigger this issue by submitting specially crafted webhook configuration inputs, resulting in application unavailability. A proof-of-concept exploit is publicly available via HackerOne, and patches are available for affected versions.
GitLab CE/EE contains a denial of service vulnerability in CI-related input handling that allows authenticated users to consume excessive server resources, potentially rendering the service unavailable. Versions 13.7 through 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are affected across all GitLab installations. A publicly available proof-of-concept exists from HackerOne (report 3418149), though CISA has not flagged this for active exploitation in the wild, and the SSVC framework indicates no evidence of current weaponization, with its automatable status not available.
An improper access control vulnerability in GitLab EE allows authenticated users with the Planner role to view sensitive security category metadata and attributes in group security configurations they should not have access to. Affected versions include GitLab 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. While the CVSS score is moderate at 4.3 (low confidentiality impact), a publicly available proof-of-concept exists and the vulnerability represents a straightforward privilege escalation through role-based access control bypass.
GitLab EE contains an improper access control vulnerability that allows unauthenticated users to retrieve API tokens for self-hosted AI models without authentication. The vulnerability affects GitLab versions 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, impacting any organization running these versions with AI model integrations. With a CVSS score of 6.8 and publicly available proof-of-concept code, this represents a significant credential exposure risk requiring immediate patching.
GitLab CE/EE versions 7.11 through 18.10 contain an authentication bypass vulnerability in the WebAuthn two-factor authentication implementation due to inconsistent input validation, allowing unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability affects a wide version range spanning multiple releases (7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1). A proof-of-concept exploit is publicly available, and while the CVSS score of 6.8 indicates moderate severity, the authentication bypass nature and active exploit availability represent a significant real-world threat to GitLab deployments.
GitLab CE/EE contains an improper access control vulnerability in cross-repository merge request operations that allows authenticated users to perform unauthorized actions on merge requests in projects they should not have access to. Affected versions span from 11.10 through 18.10.1, with patches available in 18.8.7, 18.9.3, and 18.10.1. A public proof-of-concept exploit exists (referenced via HackerOne report 3543886), though CISA has not listed this in the Known Exploited Vulnerabilities catalog, indicating limited active exploitation despite public availability of exploit code.
This vulnerability is a stored cross-site scripting (XSS) flaw in GitLab's Mermaid diagram rendering that allows authenticated users to inject arbitrary JavaScript code into other users' browsers through improperly sanitized entity-encoded content. The vulnerability affects GitLab CE/EE versions 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, with a CVSS score of 5.4 (medium severity). A public proof-of-concept exploit is available on HackerOne, indicating active awareness in the security community.
Improper HTML sanitization in GitLab EE versions 15.4-18.10.1 allows authenticated users to add email addresses to arbitrary user accounts, potentially enabling account takeover or unauthorized access escalation. Public exploit code exists for this vulnerability, and no patch is currently available. Affected deployments should implement access controls to restrict user modification privileges until updates become available.
A Cross-Site Request Forgery (CSRF) vulnerability in GitLab Community Edition and Enterprise Edition allows unauthenticated attackers to execute arbitrary GraphQL mutations on behalf of authenticated users without their consent. All versions from 17.10 before 18.8.7, versions 18.9 before 18.9.3, and versions 18.10 before 18.10.1 are affected. A public proof-of-concept exploit is available via HackerOne report 3584382, significantly increasing the risk of active exploitation.
GitLab CE/EE contains a denial of service vulnerability in GraphQL request processing due to improper input validation (CWE-407). All versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1 are affected. An unauthenticated attacker can remotely exploit this with low complexity to render GitLab instances unresponsive, and a public proof-of-concept exploit is available via HackerOne report 3597342.
GitLab EE versions 18.1 through 18.8.6, 18.9.0 through 18.9.2, and 18.10.0 suffer from improper caching of authorization decisions that allows authenticated users to gain unauthorized access to resources under certain conditions. The vulnerability requires user interaction and has relatively high attack complexity, but impacts confidentiality and integrity of accessed resources. No public evidence of active exploitation or proof-of-concept code is currently documented.
An authenticated user could view confidential issue titles in public GitLab projects that they shouldn't have access to due to a flaw in access controls. This affects GitLab CE/EE versions 8.14 through 18.9.1, impacting any organization using these versions. An attacker with a GitLab account could exploit this to read sensitive information hidden in issue titles, potentially exposing confidential project details.
GitLab has remediated an incorrect authorization issue in GitLab CE/EE affecting all versions from 15.1 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 8.11 up to 18.7.6 (CVSS 5.0).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 12.6 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a missing authorization issue in GitLab CE/EE affecting all versions from 14.4 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a use of incorrectly-resolved name or reference issue in GitLab CE/EE affecting all versions from 1.0 up to 18.7.6 (CVSS 4.1).
GitLab has remediated a cross-site scripting (XSS) issue in GitLab CE/EE affecting all versions from 10.6 up to 18.7.6 (CVSS 8.7).
GitLab has remediated an uncontrolled recursion issue in GitLab CE/EE affecting all versions from 18.9 up to 18.9.2 (CVSS 7.5).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 15.6 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 7.5).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 10.0 up to 18.7.6 (CVSS 7.5).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 6.5).
GitLab has remediated a missing authorization issue in GitLab EE affecting all versions from 18.2 up to 18.7.6 (CVSS 3.5).
GitLab has remediated an improper encoding or escaping of output issue in GitLab CE/EE affecting all versions from 15.5 up to 18.7.6 (CVSS 2.2).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 9.3 up to 18.7.6 (CVSS 6.5).
GitLab versions up to 18.7.5 are affected by allocation of resources without limits or throttling (CVSS 6.5).
Unauthorized modification of protected Conan packages in GitLab EE allows Developer-role users to bypass package protection controls under specific conditions. Affected versions include 17.11 through 18.7.4, 18.8.0 through 18.8.4, and 18.9.0 before 18.9.1. An attacker with Developer privileges could alter protected package contents despite insufficient permissions to do so.
GitLab versions up to 18.9.0 are affected by allocation of resources without limits or throttling (CVSS 5.3).
GitLab versions up to 18.7.5 are affected by allocation of resources without limits or throttling (CVSS 7.5).
GitLab versions up to 18.7.5 are affected by inefficient regular expression complexity (ReDoS) (CVSS 7.5).
GitLab CE/EE versions 16.2 through 18.9.0 are vulnerable to cross-site scripting (XSS) in the Mermaid sandbox UI, allowing unauthenticated attackers to inject arbitrary scripts under specific conditions. The vulnerability affects multiple release branches and currently has no available patch, requiring users to upgrade to patched versions 18.7.5, 18.8.5, or 18.9.1 and later. An attacker could exploit this to perform malicious actions in the context of other users' sessions, potentially compromising sensitive data or account security.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. [CVSS 7.5 HIGH]
GitLab versions up to 18.7.5 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions. [CVSS 4.3 MEDIUM]
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab versions up to 18.7.4 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles. [CVSS 3.5 LOW]
GitLab CE/EE versions 18.8 before 18.8.4 allow authenticated developers to obscure file modifications from the web interface through specially crafted changes. This vulnerability enables users with developer privileges to conceal their code alterations from visibility and review, potentially bypassing transparency controls. Currently no patch is available, and the issue requires user interaction to exploit.
GitLab versions up to 18.6.6 are affected by authorization bypass through user-controlled key (CVSS 4.3).
GitLab CE/EE versions 18.4 through 18.8 are vulnerable to unauthenticated denial of service attacks where an attacker can exhaust server resources by circumventing JSON validation limits. An unauthenticated remote attacker can trigger excessive memory or CPU consumption without authentication or user interaction, potentially rendering the service unavailable. Currently no patch is available for this vulnerability.
Authenticated users in GitLab CE/EE versions 13.9 through 18.8.3 can inject HTML into test case titles to add unauthorized email addresses to victim accounts. This stored XSS vulnerability requires user interaction and does not impact confidentiality of the attacker's own data. No patch is currently available for this high-severity issue affecting multiple recent GitLab versions.
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 7.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. [CVSS 8.0 HIGH]
GitLab versions up to 18.6.6 are affected by authorization bypass through user-controlled key (CVSS 3.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. [CVSS 3.7 LOW]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. [CVSS 7.3 HIGH]
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [CVSS 5.4 MEDIUM]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. [CVSS 4.3 MEDIUM]
GitLab AI Gateway's Duo Workflow Service has a CVSS 9.9 server-side template injection enabling code execution through the AI workflow system.
Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo AI workflows to execute under another user's identity, crossing the trust boundary between accounts (CVSS scope: changed). The flaw stems from improper user identity resolution and affects GitLab Enterprise Edition 18.8 through 18.10.6, 18.11 through 18.11.3, and 19.0, with High confidentiality and integrity impact but no availability impact. No public exploit has been identified, CISA's SSVC marks exploitation as 'none,' and the High attack complexity (AC:H) combined with the 'under certain conditions' caveat indicates exploitation is non-trivial rather than push-button.
GitLab Enterprise Edition exposes sensitive deployment data to authenticated users holding only developer-role permissions due to missing authorization checks on deployment-related project resources (CWE-862). Affected versions span a wide range - all EE releases from 11.5 through 18.10.6, 18.11.0 through 18.11.3, and 19.0.0 - making this broadly applicable across unpatched GitLab EE deployments. No public exploit identified at time of analysis per CISA KEV, though SSVC intelligence indicates proof-of-concept code exists, and a HackerOne report (3556381) corroborates researcher discovery.
Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, allowing a low-privileged authenticated user to crash or degrade service availability through insufficient input validation. The root cause is CWE-770 (resource allocation without limits or throttling), meaning a specially crafted request can exhaust server-side resources under certain conditions. Publicly available exploit code exists per SSVC assessment, though CISA has not added this to the Known Exploited Vulnerabilities catalog and automated mass exploitation is considered unlikely.
VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.
Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands through the unsanitized reference field. The GitHubRepository block concatenates user input directly into git clone commands, enabling attackers to inject malicious options that can lead to SSRF, credential theft, or remote code execution. While no active exploitation is confirmed, the straightforward attack vector and high impact make this a priority for organizations using Prefect's GitHub integration features.
Unauthenticated agent token theft in Coder v2 (self-hosted developer workspace platform) stems from azureidentity.Validate() verifying the PKCS#7 signer's certificate chain but skipping signature verification of the signed content itself. Remote attackers who know a target VM's vmId (a UUIDv4) can forge a PKCS#7 envelope containing a legitimate Azure certificate alongside attacker-controlled content and POST it to the unauthenticated /api/v2/workspaceagents/azure-instance-identity endpoint to receive the victim workspace agent's session token, which then unlocks Git SSH keys, OAuth tokens for GitHub/GitLab/Bitbucket, and workspace secrets. No public exploit identified at time of analysis, but the vulnerability is vendor-confirmed via GHSA-6x44-w3xg-hqqf and a detailed root-cause analysis with attack-path diagram is published.
Broken access control in Arcane's GitOps backend (versions <= 1.18.1) allows any authenticated low-privilege user to exfiltrate plaintext Git credentials (PATs/SSH keys) stored for source-of-truth repositories. Eight of nine /api/customize/git-repositories endpoints omit the checkAdmin() gate, letting a 'user' role attacker repoint a repository URL to an attacker-controlled host and trigger a /test or /branches call that transmits the decrypted token via HTTP Basic auth. No public exploit identified at time of analysis, but the GHSA advisory documents a complete attack chain and a patched release (1.19.0) is available.
{option}` or `/gitlab webhook {option}`, resulting in availability impact (A:H) to the Gitlab plugin infrastructure. CVSS 6.5 reflects moderate risk, with EPSS data and active exploitation status not available at time of analysis.
Unauthenticated remote access to GitLab API operations via gitlab-mcp-server's SSE transport allows attackers to execute all 86 exposed GitLab management tools (including repository deletion, file modification, and configuration changes) using the operator's Personal Access Token. When configured with USE_SSE=true (a documented feature), the Node.js server binds to 0.0.0.0 with wildcard CORS headers, enabling both network-adjacent attackers and malicious web pages to invoke destructive operations without credentials. Public exploit code demonstrates the attack path from initial SSE connection through authenticated GitLab API calls. Patch version 0.6.0 addresses the authentication bypass per GitHub advisory GHSA-8jr5-6gvj-rfpf.
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to open a popup on the attacker-controlled host instead of gitlab.com. This can lead to credential phishing and session state token exfiltration. This issue has been patched in version 29.7.9.
Policy rollback vulnerability in gittuf versions up to 0.13.1 allows attackers with push access to the Reference State Log (RSL) to downgrade repository policies to previously signed versions, bypassing security controls. An attacker cannot roll back to policies that would be unsigned by the current root keys, but can selectively choose any valid prior policy state. Vendor-released patch: gittuf v0.14.0 introduces monotonically increasing version numbers to all policy metadata to prevent rollback attacks.
Cross-site scripting (XSS) in GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to inject unauthorized content into other users' browsers through improper input validation in the Mermaid diagram sandbox. An attacker must have valid GitLab credentials and the victim must view a malicious diagram, limiting real-world impact despite the publicly available exploit code. SSVC analysis rates this as non-automatable with partial technical impact, consistent with the low CVSS 3.5 score.
Cross-Site Request Forgery (CSRF) in GitLab CE/EE allows remote unauthenticated attackers to execute GraphQL mutations as authenticated victims through crafted web pages. Affects all versions from 17.0 through 18.11.0, with publicly available exploit code (HackerOne report 3627285). Despite high CVSS 8.1, exploitation requires user interaction (phishing/social engineering) and is not automatable per CISA SSVC framework. No evidence of active exploitation in CISA KEV at time of analysis. Vendor patches released: 18.9.6, 18.10.4, and 18.11.1.
Authenticated users can trigger denial of service in GitLab CE/EE versions 10.6 through 18.11.0 by sending crafted requests to the discussions endpoint that exhaust server resources. The vulnerability requires valid authentication credentials and affects every release from 10.6 onward across the 18.9, 18.10, and 18.11 release branches. Publicly available exploit code exists; CISA has not yet listed this in the Known Exploited Vulnerabilities catalog, but active exploitation likelihood is moderate given public POC availability and the low complexity of resource exhaustion attacks.
Authenticated users can trigger denial of service in GitLab by overwhelming system resources through the GraphQL API due to insufficient resource allocation limits. Affected versions span from 12.4 through 18.11.0 across three release branches. Publicly available exploit code exists, though active exploitation has not been confirmed in CISA KEV. CVSS 6.5 reflects moderate severity with high availability impact but requires valid authentication.
Denial of service in GitLab CE/EE affects authenticated users who can trigger resource exhaustion when retrieving notes under specific conditions, causing service unavailability. Versions 9.2 through 18.9.5, 18.10.0 through 18.10.3, and 18.11.0 are vulnerable. An authenticated attacker with standard user privileges can exploit this remotely without user interaction via crafted note retrieval requests. A publicly available exploit exists, and patches have been released by GitLab.
Authenticated project owners in GitLab CE/EE versions 11.2-18.9.5, 18.10-18.10.3, and 18.11-18.11.0 can bypass group fork prevention settings due to improper authorization checks, allowing them to create forks when they should be restricted. The vulnerability requires authentication and high-privilege access (project owner role), resulting in low severity (CVSS 2.7). Publicly available exploit code exists and patch versions have been released by the vendor.
Denial of service in GitLab CE/EE versions 12.3 through 18.11.0 allows authenticated users to trigger excessive resource consumption during issue import operations due to improper input validation on user-supplied data. The vulnerability affects all minor versions from 12.3 onwards until patched versions 18.9.6, 18.10.4, and 18.11.1. Publicly available exploit code exists, and CISA SSVC assessment indicates the vulnerability is exploitable but not automatable at scale.
Cross-site scripting vulnerability in GitLab's Storybook development environment allows remote unauthenticated attackers to steal access tokens via crafted user interaction. Affects GitLab CE/EE versions 16.1.0 through 18.9.5, 18.10 through 18.10.3, and 18.11.0. Publicly available exploit code exists (HackerOne report 3574642), though CISA SSVC indicates no confirmed active exploitation at time of analysis. CVSS 8.0 reflects high confidentiality and integrity impact with scope change, but CVSS vector AC:H (high complexity) and UI:R (user interaction required) indicate exploitation requires targeted social engineering rather than automated mass exploitation.
GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to bypass access controls and read titles of confidential or private issues in public projects through improper validation in the issue description rendering process. The vulnerability requires valid user credentials but no elevated privileges, affecting the confidentiality of issue metadata that should be restricted. Publicly available exploit code exists, and a vendor patch is available.
Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0-18.10.3 and 18.11.0 enables unauthenticated attackers to execute arbitrary JavaScript in victim browser sessions via improper path validation. GitLab disclosed this vulnerability with publicly available exploit code (HackerOne report 3572231), though CISA SSVC indicates no active exploitation confirmed at time of analysis. CVSS 8.0 reflects the changed scope (S:C) allowing impact beyond the vulnerable component, though High attack complexity (AC:H) and required user interaction (UI:R) limit ease of exploitation. Patched in versions 18.10.4 and 18.11.1.
GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 allow authenticated users to access Virtual Registries using invalidated or incorrectly scoped credentials under certain conditions, resulting in unauthorized information disclosure and modification. The vulnerability requires valid user credentials and network access but no user interaction, affecting confidentiality and integrity with partial technical impact per SSVC. No public exploit code or active exploitation has been identified at time of analysis.
Credential leakage in Tekton Pipelines git resolver allows authenticated users to exfiltrate system-configured Git API tokens (GitHub PAT, GitLab tokens) by directing the resolver to attacker-controlled endpoints. Affects versions 1.0.0 through 1.10.0 when users omit the token parameter in TaskRun or PipelineRun configurations. CVSS 7.7 with scope change reflects cross-tenant credential theft potential in multi-tenant Kubernetes environments. No active exploitation confirmed (not in CISA KEV), but exploitation is straightforward for authenticated cluster users with TaskRun/PipelineRun creation privileges.
Improper access control in GitLab CE/EE 16.9.6-18.10.2 enables authenticated attackers to invoke unauthorized server-side methods via websocket connections, achieving high-severity information disclosure with changed scope. Affects continuous integration/deployment platforms running vulnerable GitLab instances. Exploitation requires low-privilege authentication but no user interaction, enabling lateral information access across security boundaries.
Improper authorization checks in GitLab CE/EE versions 18.2-18.10.2 allow authenticated users with custom role permissions to demote or remove higher-privileged group members, violating role-based access control boundaries. The vulnerability requires high-privilege authentication and results only in integrity compromise (member privilege modification), not data exposure or availability loss. CVSS score of 2.7 reflects the restricted attack surface, though the reputational and operational risk of privilege escalation via role abuse warrants timely patching.
Stored cross-site scripting (XSS) in GitLab EE customizable analytics dashboards allows authenticated users to execute arbitrary JavaScript in other users' browsers due to improper input sanitization. Affected versions include 18.2-18.8.8, 18.9-18.9.4, and 18.10-18.10.2. An attacker with valid GitLab credentials can craft malicious dashboard configurations that execute when other users view the dashboard, potentially stealing session tokens, modifying visible data, or performing actions on behalf of the victim. No public exploit code or active exploitation in the wild has been confirmed; patches are available.
GitLab EE versions 18.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 allow authenticated users with auditor role privileges to modify vulnerability flag data in private projects due to improper authorization checks. The vulnerability requires valid GitLab credentials and auditor-level access but enables unauthorized data integrity compromise within project security contexts.
GitLab CE/EE versions 18.2-18.10.2 allow authenticated users to export confidential issues assigned to other users via CSV export due to missing authorization validation. The vulnerability affects approximately three release branches with a moderate CVSS score of 4.3, limited by the requirement for prior authentication and lack of integrity impact, but represents a direct confidentiality breach in multi-tenant environments where issue classification is a security boundary.
GitLab EE versions 11.3 through 18.10.2 allow authenticated developers to modify protected environment settings through improper authorization checks in the API, enabling privilege escalation within project scope. The vulnerability requires valid developer credentials and network access but allows an attacker to alter security-critical environment configurations without appropriate permissions. CVSS 4.3 (low severity) reflects limited scope and integrity-only impact; no public exploit or active exploitation via CISA KEV has been confirmed.
Authenticated users can leak IP addresses of other users viewing Code Quality reports in GitLab EE through specially crafted malicious content injection. The vulnerability affects GitLab EE versions 18.0.0 through 18.10.2, requires user interaction (report viewing), and has been patched in versions 18.8.9, 18.9.5, and 18.10.3. No public exploit code or active exploitation has been confirmed; the vulnerability was discovered and reported through the GitLab responsible disclosure program.
Denial of service in GitLab EE 18.2-18.10 allows authenticated users to crash the GitLab instance through improper input validation in GraphQL queries. GitLab EE versions 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 are affected. An authenticated attacker with any valid GitLab account can trigger the vulnerability by submitting a malformed GraphQL query, causing the instance to become unavailable. No public exploit code has been identified at the time of analysis, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
Denial of service in GitLab CE/EE versions 12.10 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 allows unauthenticated remote attackers to crash GitLab services via malformed JSON payloads. Improper input validation (CWE-1284) enables resource exhaustion attacks without authentication. CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no user interaction. No public exploit identified at time of analysis. EPSS data unavailable; not listed in CISA KEV.
Authenticated users in GitLab EE versions 16.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 can expose other users' email addresses through specific GraphQL queries due to improper authorization checks. An authenticated attacker can enumerate valid user accounts and retrieve their email addresses without additional privileges, violating confidentiality. No public exploit code or active exploitation has been confirmed; patches are available in GitLab 18.8.9, 18.9.5, and 18.10.3.
Denial of service in GitLab CE/EE versions 13.0 through 18.10.2 allows unauthenticated remote attackers to exhaust server resources via repeated GraphQL queries. Affects all installations from version 13.0 before patched releases 18.8.9, 18.9.5, and 18.10.3. Attackers can degrade or halt GitLab service availability without authentication, impacting development workflows and CI/CD pipelines. No public exploit identified at time of analysis.
Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.
GitLab CE/EE contains a denial of service vulnerability in webhook configuration processing that allows authenticated users to consume excessive server resources, affecting versions 16.10 through 18.10.0. An attacker with valid GitLab credentials can trigger this issue by submitting specially crafted webhook configuration inputs, resulting in application unavailability. A proof-of-concept exploit is publicly available via HackerOne, and patches are available for affected versions.
GitLab CE/EE contains a denial of service vulnerability in CI-related input handling that allows authenticated users to consume excessive server resources, potentially rendering the service unavailable. Versions 13.7 through 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are affected across all GitLab installations. A publicly available proof-of-concept exists from HackerOne (report 3418149), though CISA has not flagged this for active exploitation in the wild, and the SSVC framework indicates no evidence of current weaponization, with automatability data unavailable.
An improper access control vulnerability in GitLab EE allows authenticated users with the Planner role to view sensitive security category metadata and attributes in group security configurations they should not have access to. Affected versions include GitLab 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. While the CVSS score is moderate at 4.3 (low confidentiality impact), a publicly available proof-of-concept exists and the vulnerability represents a straightforward privilege escalation through role-based access control bypass.
GitLab EE contains an improper access control vulnerability that allows unauthenticated users to retrieve API tokens for self-hosted AI models without authentication. The vulnerability affects GitLab versions 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, impacting any organization running these versions with AI model integrations. With a CVSS score of 6.8 and publicly available proof-of-concept code, this represents a significant credential exposure risk requiring immediate patching.
GitLab CE/EE versions 7.11 through 18.10 contain an authentication bypass vulnerability in the WebAuthn two-factor authentication implementation due to inconsistent input validation, allowing unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability affects a wide version range spanning multiple releases (7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1). A proof-of-concept exploit is publicly available, and while the CVSS score of 6.8 indicates moderate severity, the authentication bypass nature and active exploit availability represent a significant real-world threat to GitLab deployments.
GitLab CE/EE contains an improper access control vulnerability in cross-repository merge request operations that allows authenticated users to perform unauthorized actions on merge requests in projects they should not have access to. Affected versions span from 11.10 through 18.10.1, with patches available in 18.8.7, 18.9.3, and 18.10.1. A public proof-of-concept exploit exists (referenced via HackerOne report 3543886), though CISA has not listed this in the Known Exploited Vulnerabilities catalog, indicating limited active exploitation despite public availability of exploit code.
This vulnerability is a stored cross-site scripting (XSS) flaw in GitLab's Mermaid diagram rendering that allows authenticated users to inject arbitrary JavaScript code into other users' browsers through improperly sanitized entity-encoded content. The vulnerability affects GitLab CE/EE versions 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, with a CVSS score of 5.4 (medium severity). A public proof-of-concept exploit is available on HackerOne, indicating active awareness in the security community.
Improper HTML sanitization in GitLab EE versions 15.4-18.10.1 allows authenticated users to add email addresses to arbitrary user accounts, potentially enabling account takeover or unauthorized access escalation. Public exploit code exists for this vulnerability, and no patch is currently available. Affected deployments should implement access controls to restrict user modification privileges until updates become available.
A Cross-Site Request Forgery (CSRF) vulnerability in GitLab Community Edition and Enterprise Edition allows unauthenticated attackers to execute arbitrary GraphQL mutations on behalf of authenticated users without their consent. All versions from 17.10 before 18.8.7, versions 18.9 before 18.9.3, and versions 18.10 before 18.10.1 are affected. A public proof-of-concept exploit is available via HackerOne report 3584382, significantly increasing the risk of active exploitation.
GitLab CE/EE contains a denial of service vulnerability in GraphQL request processing due to improper input validation (CWE-407). All versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1 are affected. An unauthenticated attacker can remotely exploit this with low complexity to render GitLab instances unresponsive, and a public proof-of-concept exploit is available via HackerOne report 3597342.
GitLab EE versions 18.1 through 18.8.6, 18.9.0 through 18.9.2, and 18.10.0 suffer from improper caching of authorization decisions that allows authenticated users to gain unauthorized access to resources under certain conditions. The vulnerability requires user interaction and has relatively high attack complexity, but impacts confidentiality and integrity of accessed resources. No public evidence of active exploitation or proof-of-concept code is currently documented.
An authenticated user could view confidential issue titles in public GitLab projects that they shouldn't have access to due to a flaw in access controls. This affects GitLab CE/EE versions 8.14 through 18.9.1, impacting any organization using these versions. An attacker with a GitLab account could exploit this to read sensitive information hidden in issue titles, potentially exposing confidential project details.
GitLab has remediated an incorrect authorization issue in GitLab CE/EE affecting all versions from 15.1 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 8.11 up to 18.7.6 (CVSS 5.0).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 12.6 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a missing authorization issue in GitLab CE/EE affecting all versions from 14.4 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a use of incorrectly-resolved name or reference issue in GitLab CE/EE affecting all versions from 1.0 up to 18.7.6 (CVSS 4.1).
GitLab has remediated a cross-site scripting (XSS) issue in GitLab CE/EE affecting all versions from 10.6 up to 18.7.6 (CVSS 8.7).
GitLab has remediated an uncontrolled recursion issue in GitLab CE/EE affecting all versions from 18.9 up to 18.9.2 (CVSS 7.5).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 15.6 up to 18.7.6 (CVSS 4.3).
GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 7.5).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 10.0 up to 18.7.6 (CVSS 7.5).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 6.5).
GitLab has remediated a missing authorization issue in GitLab EE affecting all versions from 18.2 up to 18.7.6 (CVSS 3.5).
GitLab has remediated an improper encoding or escaping of output issue in GitLab CE/EE affecting all versions from 15.5 up to 18.7.6 (CVSS 2.2).
GitLab has remediated an allocation of resources without limits or throttling issue in GitLab CE/EE affecting all versions from 9.3 up to 18.7.6 (CVSS 6.5).
Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 6.5).
Unauthorized modification of protected Conan packages in GitLab EE allows Developer-role users to bypass package protection controls under specific conditions. Affected versions include 17.11 through 18.7.4, 18.8.0 through 18.8.4, and 18.9.0 before 18.9.1. An attacker with Developer privileges could alter protected package contents despite insufficient permissions to do so.
GitLab versions up to 18.9.0 are affected by allocation of resources without limits or throttling (CVSS 5.3).
GitLab versions up to 18.7.5 are affected by allocation of resources without limits or throttling (CVSS 7.5).
GitLab versions up to 18.7.5 are affected by inefficient regular expression complexity (ReDoS) (CVSS 7.5).
GitLab CE/EE versions 16.2 through 18.9.0 are vulnerable to cross-site scripting (XSS) in the Mermaid sandbox UI, allowing unauthenticated attackers to inject arbitrary scripts under specific conditions. The vulnerability affects multiple release branches and currently has no available patch, requiring users to upgrade to patched versions 18.7.5, 18.8.5, or 18.9.1 and later. An attacker could exploit this to perform malicious actions in the context of other users' sessions, potentially compromising sensitive data or account security.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. [CVSS 7.5 HIGH]
GitLab versions up to 18.7.5 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions. [CVSS 4.3 MEDIUM]
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab versions up to 18.7.4 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 6.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles. [CVSS 3.5 LOW]
GitLab CE/EE versions 18.8 before 18.8.4 allow authenticated developers to obscure file modifications from the web interface through specially crafted changes. This vulnerability enables users with developer privileges to conceal their code alterations from visibility and review, potentially bypassing transparency controls. Currently no patch is available, and the issue requires user interaction to exploit.
GitLab versions up to 18.6.6 are affected by authorization bypass through a user-controlled key (CVSS 4.3).
GitLab CE/EE versions 18.4 through 18.8 are vulnerable to unauthenticated denial of service attacks in which an attacker exhausts server resources by circumventing JSON validation limits. An unauthenticated remote attacker can trigger excessive memory or CPU consumption without any user interaction, potentially rendering the service unavailable. Currently no patch is available for this vulnerability.
Authenticated users in GitLab CE/EE versions 13.9 through 18.8.3 can inject HTML into test case titles to add unauthorized email addresses to victim accounts. This stored XSS vulnerability requires user interaction and does not impact confidentiality of the attacker's own data. No patch is currently available for this high-severity issue affecting multiple recent GitLab versions.
GitLab versions up to 18.6.6 are affected by allocation of resources without limits or throttling (CVSS 7.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. [CVSS 8.0 HIGH]
GitLab versions up to 18.6.6 are affected by authorization bypass through a user-controlled key (CVSS 3.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. [CVSS 3.7 LOW]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. [CVSS 7.3 HIGH]
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [CVSS 5.4 MEDIUM]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. [CVSS 4.3 MEDIUM]
GitLab AI Gateway's Duo Workflow Service has a CVSS 9.9 server-side template injection enabling code execution through the AI workflow system.