Gitlab

Gitlab

1257 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-9367

Exploit
  • EPSS 0.19%
  • Veröffentlicht 12.12.2024 12:15:28
  • Zuletzt bearbeitet 11.07.2025 19:30:27

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (Do...

6.4

CVE-2024-9387

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.12.2024 12:15:28
  • Zuletzt bearbeitet 11.07.2025 20:35:26

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

5.4

CVE-2024-8179

  • EPSS 0.37%
  • Veröffentlicht 12.12.2024 12:15:27
  • Zuletzt bearbeitet 11.07.2025 20:11:48

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

8.7

CVE-2024-11274

Exploit
  • EPSS 0.04%
  • Veröffentlicht 12.12.2024 12:15:22
  • Zuletzt bearbeitet 11.07.2025 20:33:27

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data e...

4

CVE-2024-12292

  • EPSS 0.02%
  • Veröffentlicht 12.12.2024 12:15:22
  • Zuletzt bearbeitet 11.07.2025 20:33:11

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retai...

6.7

CVE-2024-12570

Exploit
  • EPSS 0.04%
  • Veröffentlicht 12.12.2024 12:15:22
  • Zuletzt bearbeitet 11.07.2025 20:21:32

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a Git...

3.1

CVE-2024-10043

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.12.2024 12:15:21
  • Zuletzt bearbeitet 11.07.2025 20:33:50

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident titl...

5.3

CVE-2024-10240

  • EPSS 0.19%
  • Veröffentlicht 26.11.2024 20:15:24
  • Zuletzt bearbeitet 13.12.2024 01:37:16

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some ...

7.5

CVE-2024-8237

  • EPSS 0.61%
  • Veröffentlicht 26.11.2024 19:15:32
  • Zuletzt bearbeitet 13.12.2024 01:32:29

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

8.8

CVE-2024-8114

  • EPSS 0.08%
  • Veröffentlicht 26.11.2024 19:15:31
  • Zuletzt bearbeitet 12.12.2024 20:54:48

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.