Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-7554

  • EPSS 0.05%
  • Veröffentlicht 08.08.2024 11:15:13
  • Zuletzt bearbeitet 29.08.2024 15:42:13

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been ...

6.5

CVE-2024-7610

  • EPSS 0.25%
  • Veröffentlicht 08.08.2024 11:15:13
  • Zuletzt bearbeitet 29.08.2024 15:45:27

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while p...

7.5

CVE-2024-2800

  • EPSS 0.41%
  • Veröffentlicht 08.08.2024 11:15:12
  • Zuletzt bearbeitet 18.09.2024 12:42:50

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.

8.1

CVE-2024-3035

  • EPSS 0.04%
  • Veröffentlicht 08.08.2024 11:15:12
  • Zuletzt bearbeitet 29.08.2024 15:55:30

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.

6.5

CVE-2024-3114

  • EPSS 0.15%
  • Veröffentlicht 08.08.2024 11:15:12
  • Zuletzt bearbeitet 30.08.2024 14:15:15

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on t...

6.5

CVE-2024-3958

  • EPSS 0.07%
  • Veröffentlicht 08.08.2024 11:15:12
  • Zuletzt bearbeitet 29.08.2024 15:50:33

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command ...

6.5

CVE-2024-4210

  • EPSS 0.18%
  • Veröffentlicht 08.08.2024 10:15:09
  • Zuletzt bearbeitet 23.08.2024 16:56:07

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted...

5.4

CVE-2024-4784

  • EPSS 0.02%
  • Veröffentlicht 08.08.2024 10:15:09
  • Zuletzt bearbeitet 23.08.2024 16:59:30

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

7.5

CVE-2024-6329

  • EPSS 0.06%
  • Veröffentlicht 08.08.2024 10:15:09
  • Zuletzt bearbeitet 23.08.2024 17:01:34

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when th...

4.3

CVE-2024-7057

  • EPSS 0.1%
  • Veröffentlicht 25.07.2024 01:15:10
  • Zuletzt bearbeitet 21.11.2024 09:50:48

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users ...