Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 304
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...
CVE-2019-5462
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVE-2019-5462
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...
CVE-2019-15590
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
CVE-2019-15590
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 fo ...
CVE-2019-15586
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2019-15586
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2019-15585
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.
CVE-2019-15585
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 fo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-5464 A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | CVSS3: 9.8 | 0% Низкий | около 6 лет назад |
| CVE-2019-5464 A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ... | CVSS3: 9.8 | 0% Низкий | около 6 лет назад |
| CVE-2019-5462 A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | CVSS3: 8.8 | 0% Низкий | около 6 лет назад |
| CVE-2019-5462 A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ... | CVSS3: 8.8 | 0% Низкий | около 6 лет назад |
| CVE-2019-15590 An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-15590 An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 fo ... | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-15586 A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | CVSS3: 6.1 | 0% Низкий | около 6 лет назад |
| CVE-2019-15586 A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | CVSS3: 6.1 | 0% Низкий | около 6 лет назад |
| CVE-2019-15585 Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | CVSS3: 9.8 | 0% Низкий | около 6 лет назад |
| CVE-2019-15585 Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 fo ... | CVSS3: 9.8 | 0% Низкий | около 6 лет назад |
Уязвимостей на страницу