Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.8

CVE-2023-0483

  • EPSS 0.14%
  • Veröffentlicht 09.03.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:37:16

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datado...

2.7

CVE-2023-1084

  • EPSS 1.19%
  • Veröffentlicht 09.03.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:38:25

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Own...

6.1

CVE-2022-4007

  • EPSS 0.7%
  • Veröffentlicht 08.03.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:34:26

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed ...

7.5

CVE-2022-3759

  • EPSS 0.69%
  • Veröffentlicht 13.02.2023 23:15:11
  • Zuletzt bearbeitet 21.03.2025 19:15:39

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip f...

8.1

CVE-2022-4138

  • EPSS 0.19%
  • Veröffentlicht 13.02.2023 23:15:11
  • Zuletzt bearbeitet 21.03.2025 20:15:13

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an...

7.5

CVE-2023-0518

  • EPSS 0.6%
  • Veröffentlicht 13.02.2023 23:15:11
  • Zuletzt bearbeitet 21.03.2025 20:15:15

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a...

6.5

CVE-2022-3411

  • EPSS 0.37%
  • Veröffentlicht 13.02.2023 23:15:10
  • Zuletzt bearbeitet 21.03.2025 19:15:38

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, ...

5.3

CVE-2022-4255

  • EPSS 0.24%
  • Veröffentlicht 27.01.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:34:53

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

5.3

CVE-2022-4201

Exploit
  • EPSS 0.18%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 27.03.2025 21:15:40

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

7.5

CVE-2022-4205

Exploit
  • EPSS 0.14%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 27.03.2025 21:15:40

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.