Gitlab

Gitlab

1222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-8778

Exploit
  • EPSS 0.07%
  • Veröffentlicht 04.05.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

8.2

CVE-2016-9469

Exploit
  • EPSS 0.14%
  • Veröffentlicht 28.03.2017 02:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could...

6.3

CVE-2017-0882

Exploit
  • EPSS 0.18%
  • Veröffentlicht 28.03.2017 02:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

8.8

CVE-2016-4340

Exploit
  • EPSS 2.79%
  • Veröffentlicht 23.01.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

6.5

CVE-2016-9086

  • EPSS 13.49%
  • Veröffentlicht 03.11.2016 10:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab ver...

6.5

CVE-2013-4489

  • EPSS 0.2%
  • Veröffentlicht 17.05.2014 20:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

6.5

CVE-2013-4546

  • EPSS 0.22%
  • Veröffentlicht 13.05.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

4.3

CVE-2014-3456

  • EPSS 0.08%
  • Veröffentlicht 13.05.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2013-4490

  • EPSS 48.02%
  • Veröffentlicht 13.05.2014 15:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

6.8

CVE-2013-4580

  • EPSS 0.1%
  • Veröffentlicht 12.05.2014 14:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.