GitLab is a web platform for managing projects and source code repositories, built on the popular Git version control system.
Release cycle, vulnerability information
Release schedule
Count: 5 336
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-v9g5-36x8-7xmx | An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | CVSS3: 4.6 | 0% Low | 9 months ago |
| GHSA-jqqw-x8w5-v4hh | An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | CVSS3: 2.7 | 0% Low | 9 months ago |
| GHSA-crr3-cvh5-8wfr | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | CVSS3: 6.5 | 0% Low | 9 months ago |
| GHSA-r3m4-8xwf-9fpp | An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service. | CVSS3: 6.5 | 0% Low | 9 months ago |
| GHSA-9vrq-hh79-6v9m | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | CVSS3: 4.9 | 0% Low | 9 months ago |
| CVE-2025-0993 | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. | CVSS3: 7.5 | 0% Low | 9 months ago |
| CVE-2025-0993 | An issue has been discovered in GitLab CE/EE affecting all versions be ... | CVSS3: 7.5 | 0% Low | 9 months ago |
| CVE-2025-0679 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | CVSS3: 4.3 | 0% Low | 9 months ago |
| CVE-2025-0679 | An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 4.3 | 0% Low | 9 months ago |
| CVE-2025-0605 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | CVSS3: 4.6 | 0% Low | 9 months ago |