Gitlab

1247 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.02%
  • Published 13.03.2025 06:15:35
  • Last modified 06.08.2025 18:37:18

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of a...

Exploit
  • EPSS 0.03%
  • Published 06.03.2025 13:15:12
  • Last modified 06.08.2025 18:33:48

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allows users with limited permissions to access potentially sensitive project analytics data.

Exploit
  • EPSS 0.03%
  • Published 06.03.2025 09:15:26
  • Last modified 06.08.2025 18:33:28

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone ...

  • EPSS 0.18%
  • Published 03.03.2025 16:15:39
  • Last modified 07.03.2025 19:37:57

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser u...

  • EPSS 0.29%
  • Published 03.03.2025 11:15:15
  • Last modified 07.03.2025 12:30:28

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circums...

Exploit
  • EPSS 0.02%
  • Published 03.03.2025 11:15:10
  • Last modified 26.08.2025 20:15:31

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

  • EPSS 0.05%
  • Published 03.03.2025 10:15:09
  • Last modified 03.03.2025 10:15:09

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HTML into the child item search potentially leading to XSS in certain situations.

Exploit
  • EPSS 0.32%
  • Published 13.02.2025 09:15:09
  • Last modified 06.08.2025 18:32:16

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using promp...

  • EPSS 0.01%
  • Published 13.02.2025 02:15:29
  • Last modified 06.08.2025 18:50:00

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to stream...

Exploit
  • EPSS 0.04%
  • Published 13.02.2025 01:15:25
  • Last modified 06.08.2025 18:49:37

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.