CVE-2024-8635
- EPSS 0.03%
- Published 12.09.2024 17:15:06
- Last modified 21.11.2024 09:53:28
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal res...
CVE-2024-8640
- EPSS 0.17%
- Published 12.09.2024 17:15:06
- Last modified 21.11.2024 09:53:29
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cub...
CVE-2024-8754
- EPSS 0.02%
- Published 12.09.2024 17:15:06
- Last modified 14.09.2024 15:40:20
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts via linking arbitrary unclaimed p...
CVE-2024-5435
- EPSS 0.04%
- Published 12.09.2024 17:15:05
- Last modified 21.11.2024 09:47:40
An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2 that will disclose a user password from repository...
CVE-2024-6389
- EPSS 0.06%
- Published 12.09.2024 17:15:05
- Last modified 21.11.2024 09:49:33
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to ...
CVE-2024-6446
- EPSS 0.07%
- Published 12.09.2024 17:15:05
- Last modified 21.11.2024 09:49:40
An issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application.
CVE-2024-2743
- EPSS 0.03%
- Published 12.09.2024 17:15:04
- Last modified 21.11.2024 09:10:25
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
CVE-2024-4612
- EPSS 0.02%
- Published 12.09.2024 17:15:04
- Last modified 21.11.2024 09:43:13
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the...
CVE-2024-4660
- EPSS 0.05%
- Published 12.09.2024 17:15:04
- Last modified 21.11.2024 09:43:19
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a ...
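The nine GitLab advisories above share the same three fixed releases (17.1.7, 17.2.5, 17.3.2) and differ only in the version that introduced each bug. The following is an added example, not GitLab's or NVD's tooling, that transcribes those ranges from the advisory text on this page and answers the question a patch owner actually has: which of these CVEs apply to the version I run. The edition labels are taken from the advisory text; CVE-2024-6446 names no edition, so it is assumed here to apply to both. The installed versions fed to it are made-up inputs.

```python
"""Affected-version check for the GitLab advisories listed on this page.

Added example (not GitLab's or NVD's code). Ranges are transcribed from the
advisory text; 'introduced' is inclusive, 'fixed' is exclusive.
"""
from typing import List, Sequence, Tuple

Range = Tuple[str, str]  # (introduced, fixed)

# Every advisory on the page is fixed in the same 17.2 and 17.3 patch releases.
FIXED_BRANCHES: List[Range] = [("17.2", "17.2.5"), ("17.3", "17.3.2")]


def gitlab_ranges(introduced: str) -> List[Range]:
    """Ranges for an advisory first affecting `introduced`, fixed in 17.1.7/17.2.5/17.3.2."""
    return [(introduced, "17.1.7")] + FIXED_BRANCHES


# edition label and affected ranges, as stated in each advisory text above
GITLAB_ADVISORIES = {
    "CVE-2024-8635": ("EE", gitlab_ranges("16.8")),
    "CVE-2024-8640": ("EE", gitlab_ranges("16.11")),
    "CVE-2024-8754": ("EE/CE", gitlab_ranges("16.9.7")),
    "CVE-2024-5435": ("EE/CE", gitlab_ranges("15.10")),
    "CVE-2024-6389": ("EE/CE", gitlab_ranges("17.0")),
    # advisory says only "GitLab"; assumed here to apply to both editions
    "CVE-2024-6446": ("EE/CE", gitlab_ranges("17.1")),
    "CVE-2024-2743": ("EE", gitlab_ranges("13.3")),
    "CVE-2024-4612": ("EE", gitlab_ranges("12.9")),
    "CVE-2024-4660": ("EE", gitlab_ranges("11.2")),
}


def parse_version(v: str) -> tuple:
    """'17.1.7' -> (17, 1, 7). Tuples compare lexicographically, so a short
    introduced version such as (16, 8) sorts before (16, 8, 0) and therefore
    matches 16.8.0, while (17, 1, 7) < (17, 1, 7) is False and 17.1.7 is clean."""
    return tuple(int(p) for p in v.split("."))


def in_ranges(version: str, ranges: Sequence[Range]) -> bool:
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def affected_advisories(version: str, edition: str = "EE") -> List[str]:
    """CVE IDs from this page that apply to `edition` at `version`.

    'EE' matches every advisory; 'CE' skips the EE-only ones."""
    hits = []
    for cve, (editions, ranges) in GITLAB_ADVISORIES.items():
        if edition == "CE" and editions == "EE":
            continue
        if in_ranges(version, ranges):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # made-up installed versions for illustration
    for v in ("17.1.6", "17.3.2", "16.10.0"):
        print(v, affected_advisories(v))
```

Run it with the version string from the GitLab admin area or `gitlab-rake gitlab:env:info`; an empty list for 17.1.7, 17.2.5 or 17.3.2 is the expected result, since those are the first clean releases on each branch.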
CVE-2024-45409
- EPSS 41.39%
- Published 10.09.2024 19:15:22
- Last modified 21.11.2024 09:37:44
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 1.12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml docum...
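The bug class described in this entry, a consumer that verifies a signature found somewhere in the document rather than a signature bound to the Response or Assertion it is about to trust, is caught by a structural check that runs before any cryptography. The following is an added example, not ruby-saml's code or its fix: it treats a `ds:Signature` as covering only the element that encloses it, requires that signature's single `ds:Reference` to point at that element's ID, and requires the ID to be unique in the document. The three SAML responses are constructed inputs with placeholder signature values; verification of `SignedInfo` and the digests is assumed to follow and is not shown.

```python
"""Structural binding check for a SAML Response signature.

Added example (not ruby-saml code). A signature only counts for the element
that encloses it, its single Reference must name that element's ID, and that
ID must be unique in the document. Cryptographic verification is assumed to
run afterwards on the IDs this check returns.
"""
from collections import Counter
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SIGNATURE = f"{{{NS['ds']}}}Signature"
RESPONSE = f"{{{NS['samlp']}}}Response"


def signature_bound_ids(doc: bytes) -> set:
    """IDs of elements that carry a signature referencing exactly themselves."""
    root = ET.fromstring(doc)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    # signature wrapping relies on duplicate IDs, so count them up front
    id_counts = Counter(e.get("ID") for e in root.iter() if e.get("ID") is not None)
    bound = set()
    for sig in root.iter(SIGNATURE):
        owner = parent_of.get(sig)
        if owner is None:                       # signature is the root element
            continue
        owner_id = owner.get("ID")
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        if owner_id is None or len(refs) != 1:  # unbound or multi-reference signature
            continue
        if refs[0].get("URI") != "#" + owner_id:  # points at some other element
            continue
        if id_counts[owner_id] != 1:            # ambiguous target
            continue
        bound.add(owner_id)
    return bound


def response_is_acceptable(doc: bytes) -> bool:
    """True only if the Response itself or its single Assertion is signature-bound."""
    root = ET.fromstring(doc)
    if root.tag != RESPONSE:
        return False
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False
    bound = signature_bound_ids(doc)
    return root.get("ID") in bound or assertions[0].get("ID") in bound


# constructed sample documents; SignatureValue contents are placeholders
_HEAD = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         b'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ')

def _sig(target: str) -> bytes:
    return (b'<ds:Signature><ds:SignedInfo><ds:Reference URI="#' + target.encode()
            + b'"/></ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>')

# assertion enveloping a signature that references the assertion: accepted
SIGNED_ASSERTION = (_HEAD + b'ID="_r1"><saml:Assertion ID="_a1">' + _sig("_a1")
                    + b'<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
                    b'</saml:Assertion></samlp:Response>')

# a valid signature over some other signed element smuggled into an unsigned
# assertion: a verifier that accepts "any signature in the document" passes this
WRAPPED_SIGNATURE = (_HEAD + b'ID="_r2"><saml:Assertion ID="_a2"><saml:Advice ID="_x">'
                     + _sig("_x") + b'</saml:Advice><saml:Subject><saml:NameID>admin'
                     b'</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>')

# the referenced ID appears twice, so the Reference is ambiguous: rejected
DUPLICATE_ID = (_HEAD + b'ID="_r3"><saml:Assertion ID="_a3">' + _sig("_a3")
                + b'<saml:Advice ID="_a3"/><saml:Subject><saml:NameID>admin</saml:NameID>'
                b'</saml:Subject></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED_ASSERTION), ("wrapped", WRAPPED_SIGNATURE),
                      ("duplicate", DUPLICATE_ID)):
        print(name, signature_bound_ids(doc), response_is_acceptable(doc))
```

The second sample is the case that matters: it contains a perfectly good signature, just not over the assertion being trusted. A check that searches the whole document for a `ds:Signature` and verifies whatever it finds accepts it; the binding check above returns `{"_x"}` and rejects the response because neither `_r2` nor `_a2` is in that set. After this check passes, the cryptographic verification must be run over the canonicalised element whose ID was returned, not over an element located by a fresh search.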