CVE-2024-12570
- EPSS 0.03%
- Published 12.12.2024 12:15:22
- Last modified 11.07.2025 20:21:32
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a Git...
CVE-2024-10043
- EPSS 0.01%
- Published 12.12.2024 12:15:21
- Last modified 11.07.2025 20:33:50
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident titl...
CVE-2024-10240
- EPSS 0.15%
- Published 26.11.2024 20:15:24
- Last modified 13.12.2024 01:37:16
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, and all versions starting from 17.5 before 17.5.2, in which an unauthenticated user may be able to read some ...
CVE-2024-8237
- EPSS 0.61%
- Published 26.11.2024 19:15:32
- Last modified 13.12.2024 01:32:29
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
CVE-2024-8114
- EPSS 0.08%
- Published 26.11.2024 19:15:31
- Last modified 12.12.2024 20:54:48
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
CVE-2024-8177
- EPSS 0.16%
- Published 26.11.2024 19:15:31
- Last modified 13.12.2024 01:29:28
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, and starting from 17.6 prior to 17.6.1, which could cause Denial of Service via integrating a malicious Harbor registry.
CVE-2024-11668
- EPSS 0.05%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:42:07
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streami...
CVE-2024-11669
- EPSS 0.05%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:11:00
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application ...
CVE-2024-11828
- EPSS 0.56%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:07:04
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending craf...
CVE-2024-9633
- EPSS 0.02%
- Published 14.11.2024 14:15:19
- Last modified 12.12.2024 21:43:44
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a...