Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-5195

Medienbericht Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.06.2025 10:31:00
  • Zuletzt bearbeitet 08.08.2025 18:21:19

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized dat...

8.7

CVE-2025-4278

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 12.06.2025 10:16:39
  • Zuletzt bearbeitet 08.08.2025 18:23:29

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

6.5

CVE-2025-5996

Exploit
  • EPSS 0.09%
  • Veröffentlicht 12.06.2025 10:16:39
  • Zuletzt bearbeitet 08.08.2025 18:20:50

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

7.5

CVE-2025-1516

  • EPSS 0.17%
  • Veröffentlicht 12.06.2025 10:16:38
  • Zuletzt bearbeitet 08.08.2025 18:30:39

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.

6.1

CVE-2025-2254

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 12.06.2025 10:16:38
  • Zuletzt bearbeitet 08.08.2025 18:31:04

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.

7.5

CVE-2025-1478

  • EPSS 0.17%
  • Veröffentlicht 12.06.2025 10:16:28
  • Zuletzt bearbeitet 08.08.2025 18:30:27

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

8.7

CVE-2025-1763

Exploit
  • EPSS 0.08%
  • Veröffentlicht 30.05.2025 11:02:36
  • Zuletzt bearbeitet 08.08.2025 18:30:08

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 be...

7.5

CVE-2024-7803

  • EPSS 0.05%
  • Veröffentlicht 23.05.2025 12:31:21
  • Zuletzt bearbeitet 08.08.2025 18:38:07

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

7.5

CVE-2024-9163

  • EPSS 0.01%
  • Veröffentlicht 23.05.2025 12:31:11
  • Zuletzt bearbeitet 08.08.2025 18:25:10

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

6.8

CVE-2024-12093

Exploit
  • EPSS 0.02%
  • Veröffentlicht 22.05.2025 14:32:04
  • Zuletzt bearbeitet 08.08.2025 18:37:36

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...