CVE-2024-7102
- EPSS 0.06%
- Published 13.02.2025 01:15:24
- Last modified 06.08.2025 18:49:23
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2024-9870
- EPSS 0.04%
- Published 12.02.2025 16:15:42
- Last modified 06.08.2025 18:48:42
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVE-2025-0516
- EPSS 0.04%
- Published 12.02.2025 16:15:42
- Last modified 06.08.2025 18:49:01
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data.
CVE-2025-1212
- EPSS 0.06%
- Published 12.02.2025 15:15:18
- Last modified 06.08.2025 18:48:33
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
CVE-2025-1042
- EPSS 0.06%
- Published 12.02.2025 15:15:16
- Last modified 06.08.2025 18:48:24
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
CVE-2025-0376
- EPSS 2.08%
- Published 12.02.2025 15:15:15
- Last modified 06.08.2025 18:48:03
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
CVE-2024-12379
- EPSS 0.12%
- Published 12.02.2025 15:15:12
- Last modified 06.08.2025 20:17:22
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes pa...
CVE-2024-10383
- EPSS 0.54%
- Published 07.02.2025 15:15:16
- Last modified 14.08.2025 19:24:54
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also tem...
CVE-2025-1072
- EPSS 0.29%
- Published 07.02.2025 04:15:07
- Last modified 06.08.2025 20:11:21
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted conten...
CVE-2024-2878
- EPSS 3.21%
- Published 05.02.2025 13:15:22
- Last modified 06.08.2025 20:17:38
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by cr...