Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2024-11828
A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...
CVE-2024-11669
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
CVE-2024-11669
An issue was discovered in GitLab CE/EE affecting all versions from 16 ...
CVE-2024-11668
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
CVE-2024-11668
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVE-2024-8177
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
CVE-2024-11669
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
CVE-2024-8237
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
CVE-2024-11828
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
CVE-2024-11668
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-11828 A denial of service (DoS) condition was discovered in GitLab CE/EE aff ... | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
 | CVE-2024-11669 An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| CVE-2024-11669 An issue was discovered in GitLab CE/EE affecting all versions from 16 ... | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| CVE-2024-11668 An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. | CVSS3: 4.2 | 0% Низкий | около 1 года назад |
| CVE-2024-11668 An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 4.2 | 0% Низкий | около 1 года назад |
 | CVE-2024-8177 An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| CVE-2024-11669 An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| CVE-2024-8237 A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| CVE-2024-11828 A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch. | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| CVE-2024-11668 An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. | CVSS3: 4.2 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу