Vulnerabilities in GitLab

1,068 results
Vexday Analysis

With 1,068 catalogued CVEs and 78 new ones emerging in the last 90 days, GitLab presents a volume of vulnerabilities that demands continuous monitoring. The rate of active exploitation is below the overall average of the KEV catalog, with 4 CVEs confirmed in use by threat actors, but the presence of 83 vulnerabilities with a public proof of concept and 24 of critical severity considerably widens the risk surface. The most concerning highlight is CVE-2021-22205, currently the most dangerous CVE under active exploitation, with an EPSS of 0.9973 (a value indicating a very high probability of exploitation); in addition, the platform's most recurrent weakness type, CWE-770 (allocation of resources without adequate limits), calls for redoubled attention to input validation and resource management controls. Security teams should prioritize remediation of the CVEs with an available PoC and keep close track of new disclosures, given the significant pace of recent discoveries.

CVE ID | Severity | Weakness / description | EPSS
CVE-2025-2934 | MEDIUM | Allocation of Resources Without Limits or Throttling in GitLab | 0.5%
CVE-2023-5512 | MEDIUM | Improper Control of Generation of Code ('Code Injection') in GitLab | 0.5%
CVE-2025-6948 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5%
CVE-2023-6386 | MEDIUM | Allocation of Resources Without Limits or Throttling in GitLab | 0.5%
CVE-2022-4255 | MEDIUM | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 whi | 0.5%
CVE-2024-5430 | MEDIUM | Improper Access Control in GitLab | 0.5%
CVE-2023-6371 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5%
CVE-2024-1493 | MEDIUM | Uncontrolled Resource Consumption in GitLab | 0.5%
CVE-2024-4660 | MEDIUM | Missing Authorization in GitLab | 0.5%
CVE-2023-3102 | MEDIUM | Insertion of Sensitive Information Into Sent Data in GitLab | 0.5%
CVE-2024-0456 | MEDIUM | Direct Request ('Forced Browsing') in GitLab | 0.5%
CVE-2023-4002 | MEDIUM | Insertion of Sensitive Information Into Sent Data in GitLab | 0.5%
CVE-2025-8405 | HIGH | Improper Encoding or Escaping of Output in GitLab | 0.5%
CVE-2025-10004 | HIGH | Allocation of Resources Without Limits or Throttling in GitLab | 0.5%
CVE-2024-8977 | HIGH | Server-Side Request Forgery (SSRF) in GitLab | 0.5%
CVE-2023-3906 | LOW | Improper Validation of Specified Type of Input in GitLab | 0.5%
CVE-2024-4201 | MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5%
CVE-2024-9693 | HIGH | Incorrect Authorization in GitLab | 0.5%
CVE-2023-5963 | LOW | Allocation of Resources Without Limits or Throttling in GitLab | 0.5%
CVE-2021-22202 | LOW | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in | 0.5%