exploitDog

Gitlab

Gitlab is a web platform for managing projects and source code repositories, built on the popular Git version control system.

Release cycle, vulnerability information

Product: Gitlab
Vendor: gitlab

Release schedule

[Release timeline chart: versions 18.6, 18.7, 18.8; years 2025, 2026, 2027]

Recent Gitlab vulnerabilities

Count: 5,336


| Source | Vulnerability | Description | CVSS3 | EPSS | Published |
| --- | --- | --- | --- | --- | --- |
| GitHub | GHSA-8rmw-8cch-2w5c | An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page. | 8.7 | 2% (Low) | 12 months ago |
| GitHub | GHSA-f73r-7g7h-494m | An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way. | 4.9 | 0% (Low) | 12 months ago |
| GitHub | GHSA-v488-9cvj-5mx7 | A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token. | 6.5 | 0% (Low) | 12 months ago |
| NVD | CVE-2025-1212 | An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | 4.3 | 0% (Low) | 12 months ago |
| Debian | CVE-2025-1212 | An information disclosure vulnerability in GitLab CE/EE affecting all ... | 4.3 | 0% (Low) | 12 months ago |
| NVD | CVE-2025-1042 | An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way. | 4.9 | 0% (Low) | 12 months ago |
| Debian | CVE-2025-1042 | An insecure direct object reference vulnerability in GitLab EE affecti ... | 4.9 | 0% (Low) | 12 months ago |
| NVD | CVE-2025-0376 | An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page. | 8.7 | 2% (Low) | 12 months ago |
| Debian | CVE-2025-0376 | An XSS vulnerability exists in GitLab CE/EE affecting all versions fro ... | 8.7 | 2% (Low) | 12 months ago |
| NVD | CVE-2024-12379 | A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token. | 6.5 | 0% (Low) | 12 months ago |
