Количество 5 501
Количество 5 501
GHSA-jcrh-hfqv-cr47
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
GHSA-jc72-5mcm-wv54
GitLab through 12.9 is affected by a potential DoS in repository archive download.
GHSA-jc6j-h8ph-rhgw
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
GHSA-jc6h-6j87-fx8m
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.
GHSA-jc5r-hf66-vmm4
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
GHSA-jc5p-hfq2-7mfm
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
GHSA-j9w8-4m8f-75m4
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.
GHSA-j9jv-5q76-4q2h
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.
GHSA-j94v-jxmv-27r2
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups.
GHSA-j8qf-xxg6-jf5p
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
GHSA-j8p4-7v92-r64p
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.
GHSA-j8mj-5fpw-2pc8
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
GHSA-j8j9-23cp-fr5v
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters.
GHSA-j875-427q-5q22
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
GHSA-j76w-jg9r-w5vr
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
GHSA-j73p-8vp4-6g28
An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.
GHSA-j733-4p4j-wcmp
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.
GHSA-j6mw-w229-ppqm
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
GHSA-j6mm-pjh3-2fh5
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.
GHSA-j6h5-jcwm-38vr
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-jcrh-hfqv-cr47 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. | 0% Низкий | почти 4 года назад | |
| GHSA-jc72-5mcm-wv54 GitLab through 12.9 is affected by a potential DoS in repository archive download. | 0% Низкий | почти 4 года назад | |
| GHSA-jc6j-h8ph-rhgw GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | 0% Низкий | почти 4 года назад | |
| GHSA-jc6h-6j87-fx8m An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
| GHSA-jc5r-hf66-vmm4 A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. | CVSS3: 7.5 | 1% Низкий | почти 3 года назад |
| GHSA-jc5p-hfq2-7mfm An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| GHSA-j9w8-4m8f-75m4 GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries. | CVSS3: 4.3 | 0% Низкий | 4 месяца назад |
| GHSA-j9jv-5q76-4q2h An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| GHSA-j94v-jxmv-27r2 An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. | CVSS3: 4.2 | 0% Низкий | около 1 года назад |
| GHSA-j8qf-xxg6-jf5p An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
| GHSA-j8p4-7v92-r64p An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | 0% Низкий | почти 4 года назад | |
| GHSA-j8mj-5fpw-2pc8 An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | CVSS3: 3.5 | 0% Низкий | больше 2 лет назад |
| GHSA-j8j9-23cp-fr5v GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters. | CVSS3: 6.5 | 0% Низкий | 4 месяца назад |
| GHSA-j875-427q-5q22 An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | CVSS3: 8.7 | 0% Низкий | 10 месяцев назад |
| GHSA-j76w-jg9r-w5vr An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 0% Низкий | почти 4 года назад | |
| GHSA-j73p-8vp4-6g28 An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. | CVSS3: 7.5 | 0% Низкий | почти 4 года назад |
| GHSA-j733-4p4j-wcmp An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. | CVSS3: 5.3 | 3% Низкий | около 3 лет назад |
| GHSA-j6mw-w229-ppqm An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
| GHSA-j6mm-pjh3-2fh5 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| GHSA-j6h5-jcwm-38vr An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. | 93% Критический | почти 4 года назад |
Уязвимостей на страницу