Gitlab

Gitlab

1257 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-2434

Exploit
  • EPSS 4.76%
  • Veröffentlicht 25.04.2024 11:15:45
  • Zuletzt bearbeitet 12.12.2024 17:54:50

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

6.5

CVE-2023-6489

  • EPSS 0.14%
  • Veröffentlicht 12.04.2024 01:15:57
  • Zuletzt bearbeitet 11.12.2024 19:06:06

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation ...

6.5

CVE-2023-6678

  • EPSS 0.08%
  • Veröffentlicht 12.04.2024 01:15:57
  • Zuletzt bearbeitet 11.12.2024 19:58:13

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malici...

5.4

CVE-2024-2279

Exploit
  • EPSS 0.67%
  • Veröffentlicht 12.04.2024 01:15:57
  • Zuletzt bearbeitet 11.12.2024 19:29:27

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a cr...

5.4

CVE-2024-3092

Exploit
  • EPSS 0.67%
  • Veröffentlicht 12.04.2024 01:15:57
  • Zuletzt bearbeitet 11.12.2024 19:19:05

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbit...

5.4

CVE-2023-6371

Exploit
  • EPSS 0.04%
  • Veröffentlicht 28.03.2024 08:15:26
  • Zuletzt bearbeitet 11.12.2024 20:26:05

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing a...

6.5

CVE-2024-2818

  • EPSS 0.16%
  • Veröffentlicht 28.03.2024 08:15:26
  • Zuletzt bearbeitet 11.12.2024 20:25:14

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using mali...

8

CVE-2024-0199

Exploit
  • EPSS 0.01%
  • Veröffentlicht 07.03.2024 01:15:52
  • Zuletzt bearbeitet 11.12.2024 20:12:49

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to...

8.1

CVE-2024-1299

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.03.2024 01:15:52
  • Zuletzt bearbeitet 11.12.2024 20:23:27

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privi...

4.3

CVE-2023-4895

  • EPSS 0.02%
  • Veröffentlicht 22.02.2024 01:15:07
  • Zuletzt bearbeitet 21.11.2024 08:36:12

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restric...