CVE-2024-2818
- EPSS 0.03%
- Published 28.03.2024 08:15:26
- Last modified 11.12.2024 20:25:14
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using mali...
- EPSS 0.01%
- Published 07.03.2024 01:15:52
- Last modified 11.12.2024 20:12:49
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to...
CVE-2024-1299
- EPSS 0.02%
- Published 07.03.2024 01:15:52
- Last modified 11.12.2024 20:23:27
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privi...
CVE-2023-4895
- EPSS 0.02%
- Published 22.02.2024 01:15:07
- Last modified 21.11.2024 08:36:12
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restric...
CVE-2024-1451
- EPSS 29.09%
- Published 22.02.2024 00:15:52
- Last modified 21.11.2024 08:50:36
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on ...
CVE-2024-1525
- EPSS 0.01%
- Published 22.02.2024 00:15:52
- Last modified 21.11.2024 08:50:45
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be...
CVE-2023-6477
- EPSS 0.01%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:43:55
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_me...
CVE-2024-0410
- EPSS 0.01%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:46:31
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
CVE-2024-0861
- EPSS 0.02%
- Published 22.02.2024 00:15:51
- Last modified 21.11.2024 08:47:31
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard ...
CVE-2023-3509
- EPSS 0.03%
- Published 21.02.2024 23:15:08
- Last modified 21.11.2024 08:17:25
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title ...