Gitlab

GitLab

1310 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-7803

  • EPSS 0.26%
  • Veröffentlicht 23.05.2025 12:31:21
  • Zuletzt bearbeitet 08.08.2025 18:38:07

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

7.5

CVE-2024-9163

  • EPSS 0.07%
  • Veröffentlicht 23.05.2025 12:31:11
  • Zuletzt bearbeitet 08.08.2025 18:25:10

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

6.8

CVE-2024-12093

Exploit
  • EPSS 0.06%
  • Veröffentlicht 22.05.2025 14:32:04
  • Zuletzt bearbeitet 08.08.2025 18:37:36

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

4.3

CVE-2025-0605

  • EPSS 0.05%
  • Veröffentlicht 22.05.2025 14:31:54
  • Zuletzt bearbeitet 29.05.2025 15:58:07

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

4.3

CVE-2025-0679

  • EPSS 0.08%
  • Veröffentlicht 22.05.2025 14:31:44
  • Zuletzt bearbeitet 29.05.2025 15:57:54

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

6.5

CVE-2025-0993

  • EPSS 0.24%
  • Veröffentlicht 22.05.2025 14:31:34
  • Zuletzt bearbeitet 29.05.2025 15:58:42

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

4.3

CVE-2025-1110

  • EPSS 0.06%
  • Veröffentlicht 22.05.2025 14:16:02
  • Zuletzt bearbeitet 29.05.2025 15:58:34

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

6.5

CVE-2025-2853

  • EPSS 0.46%
  • Veröffentlicht 22.05.2025 13:30:48
  • Zuletzt bearbeitet 29.05.2025 15:58:28

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.

6.5

CVE-2025-3111

  • EPSS 0.46%
  • Veröffentlicht 22.05.2025 13:30:43
  • Zuletzt bearbeitet 29.05.2025 15:58:19

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of ...

7.5

CVE-2025-4979

  • EPSS 0.07%
  • Veröffentlicht 22.05.2025 13:30:28
  • Zuletzt bearbeitet 08.08.2025 18:33:20

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creat...