Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 484
CVE-2016-9086
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...
CVE-2014-3456
Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4546
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
CVE-2013-4546
The repository import feature in gitlab-shell before 1.7.4, as used in ...
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...
CVE-2013-4581
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
CVE-2013-4581
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-9086 GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected. | CVSS3: 6.5 | 13% Средний | больше 9 лет назад |
 | CVE-2013-4489 The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. | CVSS2: 6.5 | 0% Низкий | почти 12 лет назад |
| CVE-2013-4489 The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ... | CVSS2: 6.5 | 0% Низкий | почти 12 лет назад |
| CVE-2014-3456 Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | почти 12 лет назад |
| CVE-2013-4546 The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | CVSS2: 6.5 | 0% Низкий | почти 12 лет назад |
| CVE-2013-4546 The repository import feature in gitlab-shell before 1.7.4, as used in ... | CVSS2: 6.5 | 0% Низкий | почти 12 лет назад |
| CVE-2013-4490 The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. | CVSS2: 6.5 | 50% Средний | почти 12 лет назад |
| CVE-2013-4490 The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ... | CVSS2: 6.5 | 50% Средний | почти 12 лет назад |
| CVE-2013-4581 GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | CVSS2: 6.8 | 1% Низкий | почти 12 лет назад |
| CVE-2013-4581 GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ... | CVSS2: 6.8 | 1% Низкий | почти 12 лет назад |
Уязвимостей на страницу