Gitlab

1222 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.02%
  • Published 03.03.2025 11:15:10
  • Last modified 26.08.2025 20:15:31

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

  • EPSS 0.04%
  • Published 03.03.2025 10:15:09
  • Last modified 03.03.2025 10:15:09

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HTML into the child item search, potentially leading to XSS in certain situations.

Exploit
  • EPSS 0.19%
  • Published 13.02.2025 09:15:09
  • Last modified 06.08.2025 18:32:16

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using promp...

  • EPSS 0.01%
  • Published 13.02.2025 02:15:29
  • Last modified 06.08.2025 18:50:00

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to stream...

Exploit
  • EPSS 0.03%
  • Published 13.02.2025 01:15:25
  • Last modified 06.08.2025 18:49:37

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.

  • EPSS 0.03%
  • Published 13.02.2025 01:15:24
  • Last modified 06.08.2025 18:49:23

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.

Exploit
  • EPSS 0.02%
  • Published 12.02.2025 16:15:42
  • Last modified 06.08.2025 18:48:42

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.

Exploit
  • EPSS 0.02%
  • Published 12.02.2025 16:15:42
  • Last modified 06.08.2025 18:49:01

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data.

  • EPSS 0.05%
  • Published 12.02.2025 15:15:18
  • Last modified 06.08.2025 18:48:33

An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

  • EPSS 0.03%
  • Published 12.02.2025 15:15:16
  • Last modified 06.08.2025 18:48:24

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.