Security Vulnerabilities - CVEs Published In August 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, where the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2024-08-08
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2024-08-08
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2024-08-08
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
CVSS Score: 4.2; EPSS Score: 0.0; Published: 2024-08-08
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
CVSS Score: 5.7; EPSS Score: 0.001; Published: 2024-08-08
Vulnerability of uncaught exceptions in the Graphics module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 9.3; EPSS Score: 0.001; Published: 2024-08-08
Vulnerability of PIN enhancement failures in the screen lock module. Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVSS Score: 8.8; EPSS Score: 0.0; Published: 2024-08-08
LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 6.6; EPSS Score: 0.0; Published: 2024-08-08
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality.
CVSS Score: 8.4; EPSS Score: 0.0; Published: 2024-08-08
Access permission verification vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 2.5; EPSS Score: 0.001; Published: 2024-08-08