GitLab Exposure
Category: Development, Issue trackers
Exposure score: 331
Sites using it: 761
Under exploitation: 4
Critical: 24

CVEs
1,068 results

CVE-2021-39891 (MEDIUM, EPSS 0.9%): In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the e
CVE-2021-22236 (MEDIUM, EPSS 0.9%): Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulner
CVE-2021-39867 (MEDIUM, EPSS 0.9%): In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigg
CVE-2021-22180 (MEDIUM, EPSS 0.9%): An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to acces
CVE-2021-22186 (MEDIUM, EPSS 0.9%): An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restric
CVE-2022-1099 (MEDIUM, EPSS 0.9%): Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior
CVE-2021-39932 (MEDIUM, EPSS 0.9%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before
CVE-2021-39931 (LOW, EPSS 0.9%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before
CVE-2021-39943 (MEDIUM, EPSS 0.9%): An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all vers
CVE-2020-13312 (MEDIUM, EPSS 0.9%): A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force att
CVE-2022-1948 (HIGH, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick ac
CVE-2022-1426 (LOW, EPSS 0.8%): An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.
CVE-2021-39881 (LOW, EPSS 0.8%): In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrar
CVE-2025-13927 (HIGH, EPSS 0.8%): Allocation of Resources Without Limits or Throttling in GitLab
CVE-2020-13283 (HIGH, EPSS 0.8%): For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
CVE-2022-2527 (HIGH, EPSS 0.8%): An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions sta
CVE-2021-22197 (LOW, EPSS 0.8%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated us
CVE-2021-22237 (MEDIUM, EPSS 0.8%): Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
CVE-2022-4131 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before
CVE-2022-3514 (MEDIUM, EPSS 0.8%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before