Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
BDU:2025-03643
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/CE, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-2cg5-9vjw-w6vg
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.
CVE-2025-2045
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.
CVE-2025-2045
Improper authorization in GitLab EE affecting all versions from 17.7 p ...
GHSA-6xr7-mv6q-jx4q
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."
CVE-2025-1540
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."
CVE-2025-1540
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedi ...
CVE-2025-1540
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."
GHSA-2862-gpw6-r482
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.
CVE-2025-0555
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-03643 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/CE, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
| GHSA-2cg5-9vjw-w6vg Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data. | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-2045 Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data. | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
| CVE-2025-2045 Improper authorization in GitLab EE affecting all versions from 17.7 p ... | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
| GHSA-6xr7-mv6q-jx4q An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances." | CVSS3: 3.1 | 0% Низкий | 11 месяцев назад |
| CVE-2025-1540 An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances." | CVSS3: 3.1 | 0% Низкий | 11 месяцев назад |
| CVE-2025-1540 An issue has been discovered in GitLab CE/EE for Self-Managed and Dedi ... | CVSS3: 3.1 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-1540 An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances." | CVSS3: 3.1 | 0% Низкий | 11 месяцев назад |
| GHSA-2862-gpw6-r482 A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions. | CVSS3: 7.7 | 0% Низкий | 11 месяцев назад |
| CVE-2025-0555 A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions. | CVSS3: 7.7 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу