Gitlab

Gitlab

1222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2023-5117

  • EPSS 0.03%
  • Published 25.12.2024 15:15:05
  • Last modified 11.07.2025 20:34:08

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to...

5.3

CVE-2024-8116

Exploit
  • EPSS 0.05%
  • Published 16.12.2024 05:15:05
  • Last modified 11.07.2025 20:34:31

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

5.3

CVE-2024-8650

Exploit
  • EPSS 0.02%
  • Published 16.12.2024 05:15:05
  • Last modified 11.07.2025 20:34:21

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge reques...

7.5

CVE-2024-8233

Exploit
  • EPSS 0.09%
  • Published 12.12.2024 12:15:28
  • Last modified 11.07.2025 20:10:35

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

5.4

CVE-2024-8647

Exploit
  • EPSS 0.04%
  • Published 12.12.2024 12:15:28
  • Last modified 11.07.2025 19:31:04

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration wa...

4.3

CVE-2024-9367

Exploit
  • EPSS 0.16%
  • Published 12.12.2024 12:15:28
  • Last modified 11.07.2025 19:30:27

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (Do...

6.4

CVE-2024-9387

Exploit
  • EPSS 0.01%
  • Published 12.12.2024 12:15:28
  • Last modified 11.07.2025 20:35:26

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

5.4

CVE-2024-8179

  • EPSS 0.32%
  • Published 12.12.2024 12:15:27
  • Last modified 11.07.2025 20:11:48

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

8.7

CVE-2024-11274

Exploit
  • EPSS 0.03%
  • Published 12.12.2024 12:15:22
  • Last modified 11.07.2025 20:33:27

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data e...

4

CVE-2024-12292

  • EPSS 0.02%
  • Published 12.12.2024 12:15:22
  • Last modified 11.07.2025 20:33:11

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retai...