exploitDog

Gitlab

Gitlab is a web platform for managing projects and source code repositories, built on the popular Git version control system.

Release cycle and vulnerability information

Product: Gitlab
Vendor: gitlab

Release schedule

[Chart: releases 18.0, 18.1, 18.2 on a 2025-2026 timeline]

Recent Gitlab vulnerabilities

Count: 4,670


Vulnerability | CVSS | EPSS | Published

CVE-2017-0882 (source: ubuntu)

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

CVSS3: 6.3
EPSS: 0% (Low)
Published: more than 8 years ago

CVE-2016-4340 (source: nvd)

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

CVSS3: 8.8
EPSS: 3% (Low)
Published: more than 8 years ago

CVE-2016-4340 (source: debian)

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 th ...

CVSS3: 8.8
EPSS: 3% (Low)
Published: more than 8 years ago

CVE-2016-4340 (source: ubuntu)

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

CVSS3: 8.8
EPSS: 3% (Low)
Published: more than 8 years ago

CVE-2016-9086 (source: nvd)

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.

CVSS3: 6.5
EPSS: 14% (Medium)
Published: almost 9 years ago

CVE-2016-9086 (source: debian)

GitLab versions 8.9.x and above contain a critical security flaw in th ...

CVSS3: 6.5
EPSS: 14% (Medium)
Published: almost 9 years ago

CVE-2016-9086 (source: ubuntu)

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.

CVSS3: 6.5
EPSS: 14% (Medium)
Published: almost 9 years ago

CVE-2013-4489 (source: nvd)

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

CVSS2: 6.5
EPSS: 0% (Low)
Published: about 11 years ago

CVE-2013-4489 (source: debian)

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...

CVSS2: 6.5
EPSS: 0% (Low)
Published: about 11 years ago

CVE-2014-3456 (source: nvd)

Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: 0% (Low)
Published: about 11 years ago
