Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-5846

  • EPSS 0.01%
  • Veröffentlicht 26.06.2025 05:31:05
  • Zuletzt bearbeitet 12.08.2025 14:44:01

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafte...

3.1

CVE-2023-5600

Exploit
  • EPSS 0.04%
  • Veröffentlicht 20.06.2025 19:31:08
  • Zuletzt bearbeitet 12.08.2025 14:52:25

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific ref...

8.1

CVE-2024-4994

Exploit
  • EPSS 0.05%
  • Veröffentlicht 20.06.2025 18:14:37
  • Zuletzt bearbeitet 12.08.2025 14:52:02

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API lea...

7.5

CVE-2024-4025

  • EPSS 0.17%
  • Veröffentlicht 20.06.2025 18:14:33
  • Zuletzt bearbeitet 12.08.2025 14:51:39

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a cra...

6.1

CVE-2025-2443

  • EPSS 0.05%
  • Veröffentlicht 20.06.2025 17:12:54
  • Zuletzt bearbeitet 12.08.2025 14:50:31

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 be...

9.9

CVE-2025-5121

  • EPSS 0.02%
  • Veröffentlicht 20.06.2025 17:12:39
  • Zuletzt bearbeitet 12.08.2025 14:51:20

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's gr...

7.5

CVE-2024-7586

  • EPSS 0.01%
  • Veröffentlicht 20.06.2025 14:15:26
  • Zuletzt bearbeitet 12.08.2025 14:50:04

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

7.5

CVE-2025-5982

  • EPSS 0.01%
  • Veröffentlicht 12.06.2025 16:27:56
  • Zuletzt bearbeitet 12.08.2025 13:07:39

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

5.9

CVE-2024-9512

  • EPSS 0.01%
  • Veröffentlicht 12.06.2025 14:15:29
  • Zuletzt bearbeitet 08.08.2025 18:22:08

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out ...

7.5

CVE-2025-0673

Medienbericht Exploit
  • EPSS 0.02%
  • Veröffentlicht 12.06.2025 11:03:28
  • Zuletzt bearbeitet 08.08.2025 18:21:04

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.