CVE-2023-0485
- EPSS 0.3%
- Published 03.05.2023 21:15:16
- Last modified 21.11.2024 07:37:16
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user r...
CVE-2023-1204
- EPSS 0.3%
- Published 03.05.2023 21:15:16
- Last modified 30.01.2025 16:15:28
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public em...
CVE-2018-17537
- EPSS 0.19%
- Published 16.04.2023 00:15:07
- Last modified 06.02.2025 17:15:09
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists.
CVE-2019-14942
- EPSS 0.05%
- Published 16.04.2023 00:15:07
- Last modified 06.02.2025 17:15:10
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
CVE-2019-14944
- EPSS 1.38%
- Published 16.04.2023 00:15:07
- Last modified 06.02.2025 17:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.
CVE-2018-15472
- EPSS 0.09%
- Published 15.04.2023 23:15:13
- Last modified 10.02.2025 16:15:32
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
CVE-2018-17449
- EPSS 0.09%
- Published 15.04.2023 23:15:13
- Last modified 07.02.2025 17:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure d...
CVE-2018-17450
- EPSS 0.1%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:10
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP...
CVE-2018-17451
- EPSS 0.08%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
CVE-2018-17452
- EPSS 0.11%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.