CVE-2024-8177
- EPSS 0.16%
- Published 26.11.2024 19:15:31
- Last modified 13.12.2024 01:29:28
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
CVE-2024-11668
- EPSS 0.05%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:42:07
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streami...
CVE-2024-11669
- EPSS 0.05%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:11:00
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application ...
CVE-2024-11828
- EPSS 0.56%
- Published 26.11.2024 19:15:22
- Last modified 12.12.2024 21:07:04
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending craf...
CVE-2024-9633
- EPSS 0.02%
- Published 14.11.2024 14:15:19
- Last modified 12.12.2024 21:43:44
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a...
CVE-2024-7404
- EPSS 0.03%
- Published 14.11.2024 13:15:05
- Last modified 12.12.2024 21:48:13
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker to gain full API access as the victim v...
CVE-2024-8648
- EPSS 1.46%
- Published 14.11.2024 13:15:05
- Last modified 12.12.2024 21:45:54
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a spe...
CVE-2024-9693
- EPSS 0.07%
- Published 14.11.2024 11:15:05
- Last modified 26.11.2024 01:57:19
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a c...
CVE-2024-8180
- EPSS 1.42%
- Published 14.11.2024 11:15:04
- Last modified 13.12.2024 01:26:23
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.
CVE-2024-8312
- EPSS 0.64%
- Published 24.10.2024 10:15:03
- Last modified 13.12.2024 15:43:23
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.