GitLab Exposure
Development, Issue trackers
Exposure score: 331
Sites using it: 761
Being exploited: 4
Critical: 24
CVEs
1,068 results
CVE-2020-13305 | LOW | EPSS 1.0% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upo
CVE-2020-13318 | MEDIUM | EPSS 1.0% | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cr
CVE-2024-8640 | HIGH | EPSS 1.0% | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
CVE-2021-39895 | MEDIUM | EPSS 1.0% | In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an un
CVE-2020-13313 | MEDIUM | EPSS 1.0% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgr
CVE-2021-22264 | MEDIUM | EPSS 1.0% | An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.
CVE-2022-3613 | MEDIUM | EPSS 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versio
CVE-2021-22249 | MEDIUM | EPSS 1.0% | A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group
CVE-2022-0124 | MEDIUM | EPSS 1.0% | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's S
CVE-2022-2497 | HIGH | EPSS 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before
CVE-2021-39884 | MEDIUM | EPSS 1.0% | In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileg
CVE-2021-22258 | MEDIUM | EPSS 1.0% | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses
CVE-2022-0740 | LOW | EPSS 1.0% | Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 be
CVE-2019-15581 | — | EPSS 1.0% | An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project own
CVE-2021-22230 | MEDIUM | EPSS 1.0% | Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE
CVE-2021-39872 | MEDIUM | EPSS 1.0% | In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still acc
CVE-2023-0485 | MEDIUM | EPSS 1.0% | An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9
CVE-2020-13291 | HIGH | EPSS 1.0% | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.
CVE-2021-39910 | LOW | EPSS 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before
CVE-2021-39890 | LOW | EPSS 1.0% | It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.