CVE-2024-1736
- EPSS 0.58%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 08:51:11
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service at...
CVE-2024-1963
- EPSS 0.54%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 08:51:41
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to...
CVE-2024-4201
- EPSS 1.47%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 09:42:22
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a reposit...
CVE-2024-5318
- EPSS 0.04%
- Published 24.05.2024 13:15:09
- Last modified 13.12.2024 17:04:31
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through...
CVE-2024-5258
- EPSS 0.01%
- Published 23.05.2024 11:15:24
- Last modified 13.12.2024 17:09:56
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
CVE-2023-7045
- EPSS 0.14%
- Published 23.05.2024 11:15:23
- Last modified 16.12.2024 14:53:47
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (K...
CVE-2024-1947
- EPSS 0.15%
- Published 23.05.2024 11:15:23
- Last modified 13.12.2024 17:14:57
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending c...
CVE-2023-6502
- EPSS 0.18%
- Published 23.05.2024 11:15:22
- Last modified 16.12.2024 15:02:44
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...
CVE-2024-4835
- EPSS 9.81%
- Published 23.05.2024 07:15:09
- Last modified 16.12.2024 15:10:13
An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
CVE-2024-2874
- EPSS 0.12%
- Published 23.05.2024 07:15:08
- Last modified 16.12.2024 15:16:54
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web r...