Exposure of GitLab
Development, Issue trackers
312 exposure score
761 sites use
4 exploited
24 critical

CVEs
1,055 results

CVE | Severity | Description | EPSS
CVE-2022-4092 | MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious REA | 1.4%
CVE-2017-0914 | — | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component r | 1.4%
CVE-2022-0751 | MEDIUM | Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with | 1.4%
CVE-2021-22203 | HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 befo | 1.4%
CVE-2022-1431 | MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9 | 1.4%
CVE-2019-15583 | — | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an | 1.4%
CVE-2021-22166 | MEDIUM | An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | 1.4%
CVE-2022-1423 | HIGH | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions | 1.4%
CVE-2021-22245 | LOW | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossibl | 1.4%
CVE-2017-0922 | — | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component res | 1.4%
CVE-2021-22228 | MEDIUM | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versi | 1.4%
CVE-2022-3283 | HIGH | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 be | 1.3%
CVE-2020-13351 | MEDIUM | Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for sche | 1.3%
CVE-2020-13314 | LOW | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to su | 1.3%
CVE-2021-22246 | HIGH | A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial | 1.3%
CVE-2021-22171 | HIGH | Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if th | 1.3%
CVE-2021-39880 | MEDIUM | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all ve | 1.3%
CVE-2021-39917 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before | 1.3%
CVE-2020-13281 | MEDIUM | For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | 1.3%
CVE-2023-2198 | HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 befor | 1.3%