CVE-2018-17453
- EPSS 0.17%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2018-17454
- EPSS 0.19%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2018-17455
- EPSS 0.09%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object...
CVE-2018-17536
- EPSS 0.19%
- Published 15.04.2023 23:15:13
- Last modified 06.02.2025 21:15:11
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2023-0450
- EPSS 1.03%
- Published 05.04.2023 21:15:07
- Last modified 21.11.2024 07:37:12
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
CVE-2023-0838
- EPSS 0.58%
- Published 05.04.2023 21:15:07
- Last modified 10.02.2025 21:15:13
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. Thi...
CVE-2023-1071
- EPSS 0.04%
- Published 05.04.2023 21:15:07
- Last modified 10.02.2025 21:15:13
An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthori...
CVE-2023-1167
- EPSS 0.2%
- Published 05.04.2023 21:15:07
- Last modified 10.02.2025 21:15:14
Improper authorization in GitLab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows unauthorized access to security reports in MR.
CVE-2023-1417
- EPSS 0.24%
- Published 05.04.2023 21:15:07
- Last modified 11.02.2025 16:15:31
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
CVE-2023-1708
- EPSS 6.08%
- Published 05.04.2023 21:15:07
- Last modified 10.02.2025 21:15:14
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from clipboard, allowing unexpected commands to be executed on victim...