GitLab is a web platform for managing projects and source-code repositories, built on the popular Git version control system.
Release cycle and vulnerability information
Release schedule
Count: 5 336
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2025-0314 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting. | CVSS3: 8.7 | 2% (Low) | about 1 year ago |
| CVE-2024-11931 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with the Developer role to exfiltrate protected CI variables via CI lint. | CVSS3: 6.4 | 0% (Low) | about 1 year ago |
| GHSA-xhgq-h98j-859v | Incorrect permission check in Jenkins GitLab Plugin allows enumerating credential IDs. | CVSS3: 4.3 | 0% (Low) | about 1 year ago |
| CVE-2025-24397 | An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins. | CVSS3: 4.3 | 0% (Low) | about 1 year ago |
| BDU:2025-02449 | Vulnerability in the SAML (Security Assertion Markup Language) handling of GitLab, a Git-based platform for collaborative work on code, allowing an attacker to escalate privileges. | CVSS3: 3.1 | 0% (Low) | about 1 year ago |
| GHSA-j94v-jxmv-27r2 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external, thereby giving those users access to internal projects or groups. | CVSS3: 4.2 | 0% (Low) | about 1 year ago |
| CVE-2024-13041 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external, thereby giving those users access to internal projects or groups. | CVSS3: 4.2 | 0% (Low) | about 1 year ago |