Gitlab

Gitlab

1222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-7057

  • EPSS 0.07%
  • Veröffentlicht 25.07.2024 01:15:10
  • Zuletzt bearbeitet 21.11.2024 09:50:48

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users ...

5.4

CVE-2024-7047

  • EPSS 0.12%
  • Veröffentlicht 25.07.2024 01:15:09
  • Zuletzt bearbeitet 21.11.2024 09:50:47

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...

5

CVE-2024-7091

  • EPSS 0.07%
  • Veröffentlicht 24.07.2024 23:15:10
  • Zuletzt bearbeitet 21.11.2024 09:50:52

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group o...

2.7

CVE-2024-0231

  • EPSS 0.23%
  • Veröffentlicht 24.07.2024 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:46:06

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.

4.9

CVE-2024-5067

Exploit
  • EPSS 0.08%
  • Veröffentlicht 24.07.2024 23:15:09
  • Zuletzt bearbeitet 21.11.2024 09:46:53

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group...

6.5

CVE-2024-7060

  • EPSS 0.06%
  • Veröffentlicht 24.07.2024 23:15:09
  • Zuletzt bearbeitet 21.11.2024 09:50:48

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.

5.3

CVE-2024-6595

Exploit
  • EPSS 0.07%
  • Veröffentlicht 17.07.2024 02:15:10
  • Zuletzt bearbeitet 21.11.2024 09:49:57

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package dat...

9.8

CVE-2024-6385

  • EPSS 0.57%
  • Veröffentlicht 11.07.2024 07:15:06
  • Zuletzt bearbeitet 21.11.2024 09:49:32

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certa...

2.7

CVE-2024-5257

  • EPSS 0.02%
  • Veröffentlicht 11.07.2024 07:15:04
  • Zuletzt bearbeitet 21.11.2024 09:47:17

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group name...

2.7

CVE-2024-5470

  • EPSS 0.04%
  • Veröffentlicht 11.07.2024 07:15:04
  • Zuletzt bearbeitet 21.11.2024 09:47:44

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.