Vulnerabilities in GitLab

1068 results
Vexday Analysis

With 1,068 catalogued CVEs and 78 new ones published in the last 90 days, GitLab shows a volume of vulnerabilities that demands continuous monitoring. Its rate of active exploitation is below the overall average of the KEV catalog, with 4 CVEs confirmed as used by threat actors, but the presence of 83 vulnerabilities with a public proof of concept and 24 of critical severity considerably widens the risk surface. The most concerning entry is CVE-2021-22205, currently the most dangerous CVE under active exploitation, with an EPSS of 0.9973 (a value that indicates a very high probability of exploitation). The most recurrent weakness type on the platform, CWE-770 (allocation of resources without adequate limits), calls for redoubled attention to input validation and resource management controls. Security teams should prioritize remediation of the CVEs with an available PoC and keep close track of newly issued CVEs, given the significant pace of recent discoveries.

CVE             Severity  Description                                                                                            EPSS
CVE-2024-4207   MEDIUM    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2025-7739   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2025-11042  MEDIUM    Allocation of Resources Without Limits or Throttling in GitLab                                         0.3%
CVE-2025-12697  LOW       Improper Encoding or Escaping of Output in GitLab                                                      0.3%
CVE-2021-39919  MEDIUM    In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting fr   0.3%
CVE-2025-6601   LOW       Business Logic Errors in GitLab                                                                        0.3%
CVE-2026-4524   MEDIUM    Authentication Bypass Using an Alternate Path or Channel in GitLab                                     0.3%
CVE-2025-6769   MEDIUM    Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab                   0.3%
CVE-2026-1387   MEDIUM    Allocation of Resources Without Limits or Throttling in GitLab                                         0.3%
CVE-2025-7734   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2025-6186   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2024-1816   MEDIUM    Uncontrolled Resource Consumption in GitLab                                                            0.3%
CVE-2023-7045   MEDIUM    Cross-Site Request Forgery (CSRF) in GitLab                                                            0.3%
CVE-2024-7060   LOW       Exposure of Sensitive Information to an Unauthorized Actor in GitLab                                   0.3%
CVE-2025-2408   MEDIUM    Insufficient Granularity of Access Control in GitLab                                                   0.3%
CVE-2024-4597   MEDIUM    Cross-Site Request Forgery (CSRF) in GitLab                                                            0.3%
CVE-2025-13772  HIGH      Missing Authorization in GitLab                                                                        0.3%
CVE-2025-2255   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2025-0811   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%
CVE-2025-2254   HIGH      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab         0.3%