Gitlab

GitLab

1408 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.58%
  • Veröffentlicht 30.09.2020 18:15:19
  • Zuletzt bearbeitet 21.11.2024 05:01:02

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.

Exploit
  • EPSS 0.6%
  • Veröffentlicht 30.09.2020 18:15:19
  • Zuletzt bearbeitet 21.11.2024 05:01:02

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature.

Exploit
  • EPSS 0.63%
  • Veröffentlicht 30.09.2020 18:15:19
  • Zuletzt bearbeitet 21.11.2024 05:01:02

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature.

  • EPSS 1.16%
  • Veröffentlicht 15.09.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:59

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.

  • EPSS 1.01%
  • Veröffentlicht 15.09.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:59

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.

  • EPSS 1.64%
  • Veröffentlicht 15.09.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:00

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance...

  • EPSS 1.62%
  • Veröffentlicht 14.09.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:59

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions.

  • EPSS 0.99%
  • Veröffentlicht 14.09.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:59

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.

  • EPSS 1.83%
  • Veröffentlicht 14.09.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:59

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

  • EPSS 1.27%
  • Veröffentlicht 14.09.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:00

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.