CVE-2024-1451
- EPSS 29.09%
- Published 22.02.2024 00:15:52
- Last modified 21.11.2024 08:50:36
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on ...
CVE-2024-1525
- EPSS 0.01%
- Published 22.02.2024 00:15:52
- Last modified 21.11.2024 08:50:45
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be...
CVE-2023-6477
- EPSS 0.01%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:43:55
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_me...
CVE-2024-0410
- EPSS 0.01%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:46:31
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
CVE-2024-0861
- EPSS 0.02%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:47:31
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard ...
CVE-2023-3509
- EPSS 0.03%
- Published 21.02.2024 23:15:08
- Last modified 21.11.2024 08:17:25
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title ...
CVE-2024-1250
- EPSS 0.02%
- Published 12.02.2024 21:15:08
- Last modified 21.11.2024 08:50:09
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges,...
CVE-2023-6564
- EPSS 0.02%
- Published 08.02.2024 12:15:55
- Last modified 21.11.2024 08:44:06
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup membe...
CVE-2023-6736
- EPSS 0.06%
- Published 07.02.2024 22:15:09
- Last modified 20.03.2025 16:59:18
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side de...
CVE-2023-6840
- EPSS 0.01%
- Published 07.02.2024 22:15:09
- Last modified 21.11.2024 08:44:39
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to b...