CVE-2024-1816
- EPSS 0.09%
- Published 27.06.2024 00:15:10
- Last modified 21.11.2024 08:51:22
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted ...
CVE-2024-2191
- EPSS 0.18%
- Published 27.06.2024 00:15:10
- Last modified 21.11.2024 09:09:13
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set ...
CVE-2024-5469
- EPSS 0.12%
- Published 14.06.2024 04:15:43
- Last modified 21.11.2024 09:47:44
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
CVE-2024-1495
- EPSS 0.54%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 08:50:42
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using ...
CVE-2024-1736
- EPSS 0.58%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 08:51:11
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service at...
CVE-2024-1963
- EPSS 0.54%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 08:51:41
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to...
CVE-2024-4201
- EPSS 1.47%
- Published 12.06.2024 23:15:49
- Last modified 21.11.2024 09:42:22
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a reposit...
CVE-2024-5318
- EPSS 0.04%
- Published 24.05.2024 13:15:09
- Last modified 13.12.2024 17:04:31
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through...
CVE-2024-5258
- EPSS 0.01%
- Published 23.05.2024 11:15:24
- Last modified 13.12.2024 17:09:56
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
CVE-2023-7045
- EPSS 0.14%
- Published 23.05.2024 11:15:23
- Last modified 16.12.2024 14:53:47
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (K...