GitLab Exposure
Development, Issue trackers
312 exposure score
761 sites using it
4 under exploitation
24 critical
CVEs
1055 results
CVE-2022-1940 | HIGH | A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior | EPSS 6.3%
CVE-2025-4278 | HIGH | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab | EPSS 6.1%
CVE-2024-6385 | CRITICAL | Improper Access Control in GitLab | EPSS 6.0%
CVE-2017-0916 | — | Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component r | EPSS 5.7%
CVE-2017-0915 | — | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote c | EPSS 5.7%
CVE-2023-2478 | CRITICAL | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 befor | EPSS 5.0%
CVE-2017-0918 | — | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code exe | EPSS 4.6%
CVE-2023-5612 | MEDIUM | Missing Authorization in GitLab | EPSS 4.4%
CVE-2020-13288 | MEDIUM | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | EPSS 4.0%
CVE-2024-0402 | CRITICAL | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab | EPSS 3.3%
CVE-2021-22201 | CRITICAL | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on | EPSS 3.1%
CVE-2018-3710 | — | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resultin | EPSS 2.9%
CVE-2019-5464 | — | A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF whe | EPSS 2.8%
CVE-2019-5462 | — | A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has cha | EPSS 2.5%
CVE-2020-13347 | CRITICAL | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured | EPSS 2.3%
CVE-2024-6530 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | EPSS 2.1%
CVE-2020-13333 | MEDIUM | A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had | EPSS 2.1%
CVE-2020-13315 | LOW | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amoun | EPSS 2.1%
CVE-2013-4583 | — | The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2. | EPSS 2.0%
CVE-2024-6678 | CRITICAL | Authentication Bypass by Spoofing in GitLab | EPSS 2.0%