Логотип exploitDog
product: "gitlab"
Консоль
Логотип exploitDog

exploitDog

product: "gitlab"
Gitlab

Gitlabвеб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.

Релизный цикл, информация об уязвимостях

Продукт: Gitlab
Вендор: gitlab

График релизов

18.818.918.1020262027

Недавние уязвимости Gitlab

Количество 5 499

github логотип

GHSA-p3cx-frrm-35m8

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
EPSS: Низкий
debian логотип

CVE-2026-1182

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions ...

CVSS3: 4.3
EPSS: Низкий
nvd логотип

CVE-2026-1182

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2026-1182

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-m62r-8f87-wrg8

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-jqw6-r3pp-rfvr

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

CVSS3: 2.2
EPSS: Низкий
github логотип

GHSA-6hv2-5mwg-mjjf

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances.

CVSS3: 4.1
EPSS: Низкий
github логотип

GHSA-qv6p-pfj5-mhj9

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

CVSS3: 8.7
EPSS: Низкий
github логотип

GHSA-5prc-f4c3-qjpv

14 дней назад

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-2jv7-gvqw-mxm4

14 дней назад

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances.

CVSS3: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
github логотип
GHSA-p3cx-frrm-35m8

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
0%
Низкий
14 дней назад
debian логотип
CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions ...

CVSS3: 4.3
0%
Низкий
14 дней назад
nvd логотип
CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
0%
Низкий
14 дней назад
ubuntu логотип
CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS3: 4.3
0%
Низкий
14 дней назад
github логотип
GHSA-m62r-8f87-wrg8

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.

CVSS3: 6.5
0%
Низкий
14 дней назад
github логотип
GHSA-jqw6-r3pp-rfvr

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

CVSS3: 2.2
0%
Низкий
14 дней назад
github логотип
GHSA-6hv2-5mwg-mjjf

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances.

CVSS3: 4.1
0%
Низкий
14 дней назад
github логотип
GHSA-qv6p-pfj5-mhj9

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

CVSS3: 8.7
0%
Низкий
14 дней назад
github логотип
GHSA-5prc-f4c3-qjpv

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions.

CVSS3: 3.5
0%
Низкий
14 дней назад
github логотип
GHSA-2jv7-gvqw-mxm4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances.

CVSS3: 4.3
0%
Низкий
14 дней назад

Уязвимостей на страницу


Поделиться