Gitlab

Gitlab

1222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.9

CVE-2025-5121

  • EPSS 0.03%
  • Published 20.06.2025 17:12:39
  • Last modified 12.08.2025 14:51:20

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's gr...

7.5

CVE-2024-7586

  • EPSS 0.02%
  • Published 20.06.2025 14:15:26
  • Last modified 12.08.2025 14:50:04

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

7.5

CVE-2025-5982

  • EPSS 0.02%
  • Published 12.06.2025 16:27:56
  • Last modified 12.08.2025 13:07:39

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

5.9

CVE-2024-9512

  • EPSS 0.01%
  • Published 12.06.2025 14:15:29
  • Last modified 08.08.2025 18:22:08

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out ...

7.5

CVE-2025-0673

Media report Exploit
  • EPSS 0.02%
  • Published 12.06.2025 11:03:28
  • Last modified 08.08.2025 18:21:04

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

4.3

CVE-2025-5195

Media report Exploit
  • EPSS 0.01%
  • Published 12.06.2025 10:31:00
  • Last modified 08.08.2025 18:21:19

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized dat...

8.7

CVE-2025-4278

Media report
  • EPSS 0.09%
  • Published 12.06.2025 10:16:39
  • Last modified 08.08.2025 18:23:29

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

6.5

CVE-2025-5996

Exploit
  • EPSS 0.04%
  • Published 12.06.2025 10:16:39
  • Last modified 08.08.2025 18:20:50

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

7.5

CVE-2025-1516

  • EPSS 0.1%
  • Published 12.06.2025 10:16:38
  • Last modified 08.08.2025 18:30:39

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.

6.1

CVE-2025-2254

Media report
  • EPSS 0.08%
  • Published 12.06.2025 10:16:38
  • Last modified 08.08.2025 18:31:04

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.