Gitlab

1222 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.03%
  • Published 12.12.2024 12:15:22
  • Last modified 11.07.2025 20:21:32

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a Git...

Exploit
  • EPSS 0.01%
  • Published 12.12.2024 12:15:21
  • Last modified 11.07.2025 20:33:50

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident titl...

  • EPSS 0.15%
  • Published 26.11.2024 20:15:24
  • Last modified 13.12.2024 01:37:16

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some ...

  • EPSS 0.61%
  • Published 26.11.2024 19:15:32
  • Last modified 13.12.2024 01:32:29

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

  • EPSS 0.08%
  • Published 26.11.2024 19:15:31
  • Last modified 12.12.2024 20:54:48

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.

  • EPSS 0.16%
  • Published 26.11.2024 19:15:31
  • Last modified 13.12.2024 01:29:28

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

  • EPSS 0.05%
  • Published 26.11.2024 19:15:22
  • Last modified 12.12.2024 21:42:07

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streami...

  • EPSS 0.05%
  • Published 26.11.2024 19:15:22
  • Last modified 12.12.2024 21:11:00

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application ...

  • EPSS 0.56%
  • Published 26.11.2024 19:15:22
  • Last modified 12.12.2024 21:07:04

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending craf...

  • EPSS 0.02%
  • Published 14.11.2024 14:15:19
  • Last modified 12.12.2024 21:43:44

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a...