Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 4 983
CVE-2017-0917
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
CVE-2014-8540
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVE-2014-8540
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...
CVE-2017-17716
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
CVE-2017-17716
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verifi ...
CVE-2017-17716
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ...
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
CVE-2017-11438
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-0917 Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2014-8540 The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | CVSS3: 6.5 | 0% Низкий | больше 7 лет назад |
| CVE-2014-8540 The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ... | CVSS3: 6.5 | 0% Низкий | больше 7 лет назад |
| CVE-2017-17716 GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | CVSS3: 5.9 | 0% Низкий | больше 7 лет назад |
| CVE-2017-17716 GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verifi ... | CVSS3: 5.9 | 0% Низкий | больше 7 лет назад |
| CVE-2017-17716 GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | CVSS3: 5.9 | 0% Низкий | больше 7 лет назад |
| CVE-2017-12426 GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | CVSS3: 8.8 | 1% Низкий | около 8 лет назад |
| CVE-2017-12426 GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ... | CVSS3: 8.8 | 1% Низкий | около 8 лет назад |
| CVE-2017-12426 GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | CVSS3: 8.8 | 1% Низкий | около 8 лет назад |
| CVE-2017-11438 GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | CVSS3: 6.3 | 0% Низкий | около 8 лет назад |
Уязвимостей на страницу