Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2018-12605

Exploit
  • EPSS 0.06%
  • Veröffentlicht 03.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:31

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

5.4

CVE-2018-12606

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:31

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

5.4

CVE-2018-12607

Exploit
  • EPSS 0.06%
  • Veröffentlicht 03.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:31

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

7.5

CVE-2018-14601

  • EPSS 0.23%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

7.5

CVE-2018-14602

  • EPSS 0.1%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

8.8

CVE-2018-14603

  • EPSS 0.03%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

6.1

CVE-2018-14604

  • EPSS 0.07%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

5.4

CVE-2018-14605

  • EPSS 0.06%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

5.4

CVE-2018-14606

Exploit
  • EPSS 0.06%
  • Veröffentlicht 27.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:24

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

9.8

CVE-2018-14364

Exploit
  • EPSS 39.28%
  • Veröffentlicht 18.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:55

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.