GitLab Exposure

Development, Issue trackers

Exposure score: 312
Sites using it: 761
Under exploitation: 4
Critical: 24

CVEs

1055 results
CVE-2022-2250 | MEDIUM | EPSS 1.2% | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15
CVE-2020-13299 | HIGH | EPSS 1.2% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tok
CVE-2020-13294 | MEDIUM | EPSS 1.2% | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVE-2021-39908 | MEDIUM | EPSS 1.2% | In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting
CVE-2022-3759 | MEDIUM | EPSS 1.2% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before
CVE-2023-0518 | MEDIUM | EPSS 1.2% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before
CVE-2020-13352 | LOW | EPSS 1.2% | Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected
CVE-2020-13287 | MEDIUM | EPSS 1.2% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC
CVE-2021-22177 | MEDIUM | EPSS 1.2% | Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource
CVE-2020-26411 | MEDIUM | EPSS 1.2% | A potential DOS vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.
CVE-2020-13279 | HIGH | EPSS 1.2% | Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system
CVE-2020-13273 | HIGH | EPSS 1.2% | A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
CVE-2021-39941 | LOW | EPSS 1.2% | An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project memb
CVE-2020-13341 | MEDIUM | EPSS 1.2% | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows atta
CVE-2022-2251 | MEDIUM | EPSS 1.2% | Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.
CVE-2020-13303 | HIGH | EPSS 1.2% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unautho
CVE-2020-13295 | MEDIUM | EPSS 1.2% | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
CVE-2020-26417 | MEDIUM | EPSS 1.2% | Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6
CVE-2020-13322 | HIGH | EPSS 1.1% | A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create a
CVE-2021-22210 | MEDIUM | EPSS 1.1% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, G
