Количество 5 501
Количество 5 501
GHSA-cx75-44jc-g7gv
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics.
GHSA-cwjh-rrw3-f8rp
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
GHSA-cw76-xvhc-pwcw
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
GHSA-cvvf-6v6p-vxjx
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
GHSA-cvqc-8rrv-whf2
A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
GHSA-cv6r-jfw8-2rmq
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
GHSA-crr3-cvh5-8wfr
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
GHSA-cr8m-4w78-jxp2
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
GHSA-cr3m-m96g-29v4
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
GHSA-cqvh-4wv3-g3cj
An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.
GHSA-cqj2-v4jv-jmhc
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
GHSA-cqcc-25cv-67xr
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
GHSA-cpx5-2q84-prc5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to leak sensitive information from specifically crafted merge request titles.
GHSA-cpvr-6632-w329
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.
GHSA-cpg4-gv23-mpmj
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.
GHSA-cmg3-7mvj-rgrr
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
GHSA-cjjr-h37f-5xw7
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.
GHSA-cjf2-62xp-p6mj
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.
GHSA-chxc-x49q-7m83
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
GHSA-chvg-47qc-prxj
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-cx75-44jc-g7gv An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | 0% Низкий | почти 4 года назад | |
| GHSA-cwjh-rrw3-f8rp An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. | CVSS3: 3.1 | 0% Низкий | больше 1 года назад |
| GHSA-cw76-xvhc-pwcw An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. | 0% Низкий | почти 4 года назад | |
| GHSA-cvvf-6v6p-vxjx GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 0% Низкий | почти 4 года назад | |
| GHSA-cvqc-8rrv-whf2 A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
| GHSA-cv6r-jfw8-2rmq Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | CVSS3: 8.8 | 6% Низкий | почти 4 года назад |
| GHSA-crr3-cvh5-8wfr An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| GHSA-cr8m-4w78-jxp2 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| GHSA-cr3m-m96g-29v4 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | 0% Низкий | почти 4 года назад | |
| GHSA-cqvh-4wv3-g3cj An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| GHSA-cqj2-v4jv-jmhc An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page. | CVSS3: 4.3 | 1% Низкий | около 3 лет назад |
| GHSA-cqcc-25cv-67xr Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-cpx5-2q84-prc5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to leak sensitive information from specifically crafted merge request titles. | CVSS3: 3.5 | 0% Низкий | 4 месяца назад |
| GHSA-cpvr-6632-w329 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | CVSS3: 9.8 | 0% Низкий | почти 4 года назад |
| GHSA-cpg4-gv23-mpmj An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| GHSA-cmg3-7mvj-rgrr An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. | 0% Низкий | почти 4 года назад | |
| GHSA-cjjr-h37f-5xw7 An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | CVSS3: 5 | 0% Низкий | больше 2 лет назад |
| GHSA-cjf2-62xp-p6mj An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | CVSS3: 4.9 | 0% Низкий | больше 2 лет назад |
| GHSA-chxc-x49q-7m83 An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | CVSS3: 8.2 | 0% Низкий | больше 2 лет назад |
| GHSA-chvg-47qc-prxj Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface | CVSS3: 7.5 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу