Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-0919

  • EPSS 0.06%
  • Veröffentlicht 03.07.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:03:53

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previ...

8.1

CVE-2017-0921

  • EPSS 0.09%
  • Veröffentlicht 03.07.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:03:54

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

6.1

CVE-2018-10379

  • EPSS 0.06%
  • Veröffentlicht 31.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:41:18

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

6.5

CVE-2018-8801

Exploit
  • EPSS 0.18%
  • Veröffentlicht 25.04.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:20

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

6.1

CVE-2018-9243

Exploit
  • EPSS 0.08%
  • Veröffentlicht 05.04.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:11

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is...

6.1

CVE-2018-9244

Exploit
  • EPSS 0.08%
  • Veröffentlicht 05.04.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:12

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). Th...

9.8

CVE-2018-8971

  • EPSS 0.18%
  • Veröffentlicht 24.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:42

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

4.3

CVE-2017-0920

  • EPSS 0.09%
  • Veröffentlicht 22.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:03:54

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their resp...

7.8

CVE-2018-3710

  • EPSS 5.24%
  • Veröffentlicht 21.03.2018 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:05:55

Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

7.5

CVE-2017-0914

  • EPSS 0.17%
  • Veröffentlicht 21.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:03:53

Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.