Exposure of GitLab

Categories: Development, Issue trackers

Exposure score: 331
Sites using it: 761
Exploited CVEs: 4
Critical CVEs: 24

CVEs

1,068 results
CVE-2020-26415 (MEDIUM, EPSS 0.8%): Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This a
CVE-2021-39904 (MEDIUM, EPSS 0.8%): An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions s
CVE-2020-13339 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is
CVE-2021-22233 (MEDIUM, EPSS 0.8%): An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
CVE-2023-2069 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.1
CVE-2022-2826 (LOW, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.1
CVE-2021-22185 (MEDIUM, EPSS 0.8%): Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerabi
CVE-2021-39889 (MEDIUM, EPSS 0.8%): In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protec
CVE-2021-39930 (MEDIUM, EPSS 0.8%): Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an att
CVE-2021-39916 (MEDIUM, EPSS 0.8%): Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any Ext
CVE-2023-1084 (LOW, EPSS 0.8%): An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versio
CVE-2022-4315 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request head
CVE-2024-4835 (HIGH, EPSS 0.8%): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2023-0326 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization heade
CVE-2021-39876 (MEDIUM, EPSS 0.8%): In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
CVE-2021-22215 (HIGH, EPSS 0.8%): An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members'
CVE-2022-3375 (LOW, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9
CVE-2021-39947 (MEDIUM, EPSS 0.8%): In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the fi
CVE-2020-13335 (MEDIUM, EPSS 0.8%): Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/tran
CVE-2021-22199 (LOW, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels wer
