Gitlab

Gitlab

1222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-8778

Exploit
  • EPSS 0.07%
  • Published 04.05.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

8.2

CVE-2016-9469

Exploit
  • EPSS 0.14%
  • Published 28.03.2017 02:59:01
  • Last modified 20.04.2025 01:37:25

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could...

6.3

CVE-2017-0882

Exploit
  • EPSS 0.18%
  • Published 28.03.2017 02:59:01
  • Last modified 20.04.2025 01:37:25

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

8.8

CVE-2016-4340

Exploit
  • EPSS 2.79%
  • Published 23.01.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

6.5

CVE-2016-9086

  • EPSS 13.49%
  • Published 03.11.2016 10:59:09
  • Last modified 12.04.2025 10:46:40

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab ver...

6.5

CVE-2013-4489

  • EPSS 0.2%
  • Published 17.05.2014 20:55:02
  • Last modified 12.04.2025 10:46:40

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

6.5

CVE-2013-4546

  • EPSS 0.22%
  • Published 13.05.2014 15:55:04
  • Last modified 12.04.2025 10:46:40

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

4.3

CVE-2014-3456

  • EPSS 0.08%
  • Published 13.05.2014 15:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2013-4490

  • EPSS 48.02%
  • Published 13.05.2014 15:55:03
  • Last modified 12.04.2025 10:46:40

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

6.8

CVE-2013-4580

  • EPSS 0.1%
  • Published 12.05.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.