Gitlab Vulnerabilities

An attacker with an authenticated account could potentially access sensitive metadata from private issues, merge requests, and other project elements due to a flaw in how GitLab handles snippets. This issue affects specific versions of GitLab and occurs under certain conditions when rendering snippets.

An attacker could exploit a flaw in GitLab's API to send specially crafted data that causes the system to crash, leading to a denial of service. This vulnerability affects specific versions of GitLab and can be triggered by anyone without needing to log in.

This vulnerability allows an attacker to crash the GitLab service by sending specially crafted requests to certain repository archive endpoints, effectively causing a denial of service. It affects specific versions of GitLab, and the attacker does not need to be logged in to exploit it.

This vulnerability allows an authenticated user to crash the GitLab server, leading to a denial of service, by sending specially crafted webhook header names. It affects specific versions of GitLab and requires the attacker to have access to an account on the system.

An attacker could access sensitive Virtual Registry data from groups they don't belong to if they were already logged into GitLab, due to a flaw in the system's authorization checks. This issue affects specific versions of GitLab and requires the attacker to be an authenticated user.

This vulnerability allows an attacker with maintainer permissions to potentially expose sensitive Datadog API credentials. It only affects specific versions of GitLab and requires the attacker to be logged in as a maintainer to exploit the issue.

This vulnerability allows an attacker to send malicious requests to internal services within a GitLab instance, potentially exposing sensitive data or causing disruptions. It can be exploited by anyone, even if they are not logged in, as long as the GitLab instance has webhooks enabled and is running a version from 10.5 onward.