Gitlab

Gitlab

1222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-1478

  • EPSS 0.1%
  • Veröffentlicht 12.06.2025 10:16:28
  • Zuletzt bearbeitet 08.08.2025 18:30:27

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

8.7

CVE-2025-1763

Exploit
  • EPSS 0.07%
  • Veröffentlicht 30.05.2025 11:02:36
  • Zuletzt bearbeitet 08.08.2025 18:30:08

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 be...

7.5

CVE-2024-7803

  • EPSS 0.07%
  • Veröffentlicht 23.05.2025 12:31:21
  • Zuletzt bearbeitet 08.08.2025 18:38:07

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

7.5

CVE-2024-9163

  • EPSS 0.01%
  • Veröffentlicht 23.05.2025 12:31:11
  • Zuletzt bearbeitet 08.08.2025 18:25:10

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

6.8

CVE-2024-12093

Exploit
  • EPSS 0.02%
  • Veröffentlicht 22.05.2025 14:32:04
  • Zuletzt bearbeitet 08.08.2025 18:37:36

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

4.3

CVE-2025-0605

  • EPSS 0.03%
  • Veröffentlicht 22.05.2025 14:31:54
  • Zuletzt bearbeitet 29.05.2025 15:58:07

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

4.3

CVE-2025-0679

  • EPSS 0.02%
  • Veröffentlicht 22.05.2025 14:31:44
  • Zuletzt bearbeitet 29.05.2025 15:57:54

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

6.5

CVE-2025-0993

  • EPSS 0.12%
  • Veröffentlicht 22.05.2025 14:31:34
  • Zuletzt bearbeitet 29.05.2025 15:58:42

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

4.3

CVE-2025-1110

  • EPSS 0.02%
  • Veröffentlicht 22.05.2025 14:16:02
  • Zuletzt bearbeitet 29.05.2025 15:58:34

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

6.5

CVE-2025-2853

  • EPSS 0.23%
  • Veröffentlicht 22.05.2025 13:30:48
  • Zuletzt bearbeitet 29.05.2025 15:58:28

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.