GitLab is a web platform for managing projects and source code repositories, built on the popular Git version control system.
Release cycle, vulnerability information
Release schedule
Count: 5 332
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-11000 An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. | CVSS3: 6.5 | 1% Low | more than 6 years ago |
| CVE-2018-19359 GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. | CVSS3: 8.8 | 0% Low | almost 7 years ago |
| CVE-2018-18643 GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. | CVSS3: 6.1 | 0% Low | almost 7 years ago |
| CVE-2019-10301 A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS3: 8.8 | 0% Low | almost 7 years ago |
| CVE-2019-10300 A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS3: 8 | 0% Low | almost 7 years ago |