CVE-2024-10240 - How Unauthenticated Users Could Peek Into Private GitLab Merge Requests
GitLab has always been one of the major players in managing code, collaborating on projects, and hosting private repositories. But even the best platforms sometimes
CVE-2024-53620 - Exploiting XSS in SPIP v4.3.3 Article Module — How Attackers Can Inject Code via the Title Parameter
In early June 2024, a new vulnerability, CVE-2024-53620, was discovered in the widely-used open-source CMS, SPIP. This issue affects version 4.3.3 and involves
CVE-2024-8177 - Denial of Service in GitLab via Malicious Harbor Registry Integration
Discovered in early 2024, CVE-2024-8177 is a significant Denial of Service (DoS) vulnerability affecting a wide range of GitLab Community Edition (CE) and Enterprise Edition
CVE-2024-8114 - Critical Privilege Escalation in GitLab via Compromised Personal Access Token (PAT)
In the ongoing mission to make software more secure, vulnerabilities are inevitable in even the most trusted platforms. On June 24, 2024, GitLab issued a
CVE-2024-11828 - How a GitLab Regression Opened Doors to API Denial-of-Service Attacks
---
Introduction
A new denial of service (DoS) vulnerability, known as CVE-2024-11828, was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). The issue