Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-11931

Exploit
  • EPSS 0.03%
  • Veröffentlicht 24.01.2025 03:15:06
  • Zuletzt bearbeitet 05.08.2025 19:57:08

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exf...

5.4

CVE-2024-13041

Exploit
  • EPSS 0.03%
  • Veröffentlicht 09.01.2025 07:15:26
  • Zuletzt bearbeitet 05.08.2025 15:12:48

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting o...

4.3

CVE-2024-6324

Exploit
  • EPSS 0.19%
  • Veröffentlicht 09.01.2025 06:15:15
  • Zuletzt bearbeitet 05.08.2025 15:21:23

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epic...

4.3

CVE-2024-12431

Exploit
  • EPSS 0.07%
  • Veröffentlicht 08.01.2025 21:15:11
  • Zuletzt bearbeitet 05.08.2025 15:25:30

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.

6.5

CVE-2025-0194

Exploit
  • EPSS 0.06%
  • Veröffentlicht 08.01.2025 20:15:29
  • Zuletzt bearbeitet 11.07.2025 20:34:44

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API reque...

3.7

CVE-2023-5117

  • EPSS 0.04%
  • Veröffentlicht 25.12.2024 15:15:05
  • Zuletzt bearbeitet 11.07.2025 20:34:08

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to...

5.3

CVE-2024-8116

Exploit
  • EPSS 0.06%
  • Veröffentlicht 16.12.2024 05:15:05
  • Zuletzt bearbeitet 11.07.2025 20:34:31

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

5.3

CVE-2024-8650

Exploit
  • EPSS 0.02%
  • Veröffentlicht 16.12.2024 05:15:05
  • Zuletzt bearbeitet 11.07.2025 20:34:21

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge reques...

7.5

CVE-2024-8233

Exploit
  • EPSS 0.11%
  • Veröffentlicht 12.12.2024 12:15:28
  • Zuletzt bearbeitet 11.07.2025 20:10:35

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

5.4

CVE-2024-8647

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.12.2024 12:15:28
  • Zuletzt bearbeitet 11.07.2025 19:31:04

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration wa...