Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 237
CVE-2018-9243
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vu ...
CVE-2018-9243
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-9244
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-8971
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
CVE-2018-8971
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ...
CVE-2018-8971
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2018-9243 GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vu ... | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-9243 GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
| CVE-2018-9244 GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-8971 The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | CVSS3: 9.8 | 0% Низкий | больше 7 лет назад |
| CVE-2018-8971 The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ... | CVSS3: 9.8 | 0% Низкий | больше 7 лет назад |
| CVE-2018-8971 The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | CVSS3: 9.8 | 0% Низкий | больше 7 лет назад |
| CVE-2017-0920 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. | CVSS3: 4.3 | 0% Низкий | больше 7 лет назад |
| CVE-2017-0920 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ... | CVSS3: 4.3 | 0% Низкий | больше 7 лет назад |
| CVE-2017-0920 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. | CVSS3: 4.3 | 0% Низкий | больше 7 лет назад |
| CVE-2018-3710 Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | CVSS3: 7.8 | 5% Низкий | больше 7 лет назад |
Уязвимостей на страницу