Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-9825

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.11.2025 05:33:31
  • Zuletzt bearbeitet 02.12.2025 20:31:10

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by q...

4.3

CVE-2025-7736

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:48
  • Zuletzt bearbeitet 19.11.2025 19:46:03

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages co...

4.3

CVE-2025-6171

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:46
  • Zuletzt bearbeitet 20.11.2025 21:09:38

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details...

3.5

CVE-2025-6945

  • EPSS 0.04%
  • Veröffentlicht 15.11.2025 08:15:46
  • Zuletzt bearbeitet 20.11.2025 21:07:40

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecti...

4.3

CVE-2025-7000

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:46
  • Zuletzt bearbeitet 20.11.2025 21:03:40

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by acc...

3.5

CVE-2025-11990

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:45
  • Zuletzt bearbeitet 19.11.2025 17:55:22

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references comb...

6.5

CVE-2025-2615

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:45
  • Zuletzt bearbeitet 19.11.2025 17:46:27

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions t...

5.3

CVE-2025-11865

  • EPSS 0.02%
  • Veröffentlicht 15.11.2025 08:15:43
  • Zuletzt bearbeitet 19.11.2025 17:59:17

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.

6.5

CVE-2025-12983

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.11.2025 08:13:32
  • Zuletzt bearbeitet 19.11.2025 19:44:25

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially...

8.8

CVE-2025-11702

Exploit
  • EPSS 0.02%
  • Veröffentlicht 29.10.2025 07:04:52
  • Zuletzt bearbeitet 03.11.2025 18:32:41

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.