Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2024-8266
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
GHSA-7wc9-4gpr-w6xx
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
GHSA-22qj-f25c-22mc
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17. ...
CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting a ...
CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
GHSA-68hg-5q58-g3cv
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-8266 An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | CVSS3: 4.4 | 0% Низкий | 12 месяцев назад |
| GHSA-7wc9-4gpr-w6xx Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| GHSA-22qj-f25c-22mc An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
 | CVE-2025-0516 Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2025-0516 Improper Authorization in GitLab CE/EE affecting all versions from 17. ... | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-9870 An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-9870 An external service interaction vulnerability in GitLab EE affecting a ... | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-9870 An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2025-0516 Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| GHSA-68hg-5q58-g3cv An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу