Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 237
CVE-2019-6789
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.
CVE-2019-6789
An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6788
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
CVE-2019-6788
An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6786
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.
CVE-2019-6786
An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6785
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.
CVE-2019-6785
An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6784
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.
CVE-2019-6784
An issue was discovered in GitLab Community and Enterprise Edition bef ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-6789 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6789 An issue was discovered in GitLab Community and Enterprise Edition bef ... | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6788 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. | CVSS3: 7.5 | 20% Средний | больше 6 лет назад |
| CVE-2019-6788 An issue was discovered in GitLab Community and Enterprise Edition bef ... | CVSS3: 7.5 | 20% Средний | больше 6 лет назад |
| CVE-2019-6786 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6786 An issue was discovered in GitLab Community and Enterprise Edition bef ... | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6785 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6785 An issue was discovered in GitLab Community and Enterprise Edition bef ... | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6784 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. | CVSS3: 6.1 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6784 An issue was discovered in GitLab Community and Enterprise Edition bef ... | CVSS3: 6.1 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу