GitLab is a web platform for managing projects and source code repositories, built on the popular Git version control system.
Release cycle and vulnerability information
Count: 5,336
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-fr8h-r296-xggf | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration. | CVSS3: 8.7 | 0% (Low) | about 1 year ago |
| GHSA-5fpq-xm8v-3843 | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | CVSS3: 3.1 | 0% (Low) | about 1 year ago |
| CVE-2024-9387 | An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint. | CVSS3: 6.4 | 0% (Low) | about 1 year ago |
| CVE-2024-9367 | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | CVSS3: 4.3 | 0% (Low) | about 1 year ago |
| CVE-2024-8647 | An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | CVSS3: 5.4 | 0% (Low) | about 1 year ago |
| CVE-2024-8233 | An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request. | CVSS3: 7.5 | 1% (Low) | about 1 year ago |