GitLab

1271 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.11%
  • Published 15.04.2023 23:15:13
  • Last modified 07.02.2025 17:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure d...

  • EPSS 0.13%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:10

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP...

  • EPSS 0.1%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.

  • EPSS 0.13%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.

  • EPSS 0.21%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

  • EPSS 0.24%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.

  • EPSS 0.11%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object...

  • EPSS 0.24%
  • Published 15.04.2023 23:15:13
  • Last modified 06.02.2025 21:15:11

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.

  • EPSS 1.09%
  • Published 05.04.2023 21:15:07
  • Last modified 21.11.2024 07:37:12

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

  • EPSS 0.62%
  • Published 05.04.2023 21:15:07
  • Last modified 10.02.2025 21:15:13

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. Thi...