Gitlab

Gitlab

1257 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2022-4138

  • EPSS 0.11%
  • Veröffentlicht 13.02.2023 23:15:11
  • Zuletzt bearbeitet 21.03.2025 20:15:13

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an...

7.5

CVE-2023-0518

  • EPSS 0.6%
  • Veröffentlicht 13.02.2023 23:15:11
  • Zuletzt bearbeitet 21.03.2025 20:15:15

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a...

6.5

CVE-2022-3411

  • EPSS 0.45%
  • Veröffentlicht 13.02.2023 23:15:10
  • Zuletzt bearbeitet 21.03.2025 19:15:38

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, ...

5.3

CVE-2022-4255

  • EPSS 0.19%
  • Veröffentlicht 27.01.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:34:53

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

5.3

CVE-2022-4201

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 27.03.2025 21:15:40

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

7.5

CVE-2022-4205

Exploit
  • EPSS 0.03%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 27.03.2025 21:15:40

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

4.3

CVE-2022-4335

Exploit
  • EPSS 0.25%
  • Veröffentlicht 27.01.2023 18:15:16
  • Zuletzt bearbeitet 28.03.2025 15:15:42

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

5.5

CVE-2022-4054

Exploit
  • EPSS 0.24%
  • Veröffentlicht 26.01.2023 21:18:06
  • Zuletzt bearbeitet 02.04.2025 16:15:23

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook se...

8

CVE-2022-4092

Exploit
  • EPSS 3.8%
  • Veröffentlicht 26.01.2023 21:18:06
  • Zuletzt bearbeitet 01.04.2025 18:15:29

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

6.4

CVE-2022-3902

Exploit
  • EPSS 0.24%
  • Veröffentlicht 26.01.2023 21:16:02
  • Zuletzt bearbeitet 02.04.2025 15:15:46

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook se...