Lucene search

472 matches found

CNNVD · added 2021/10/01 12:0 a.m. · 1 view

GitLab Cross-Site Scripting Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab, whic...

CVSS 7.3 · AI score 6.8 · EPSS 0.00202
Exploits 0 · References 6

OSV · added 2021/08/20 6:15 p.m. · 0 views

UBUNTU-CVE-2021-22246

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...

CVSS 7.7 · AI score 6.8 · EPSS 0.00223
Exploits 0 · References 5

CNNVD · added 2021/08/20 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in GitLab versions prior to 14.0.2, 13.12.6,...

CVSS 7.7 · AI score 5.6 · EPSS 0.00223
Exploits 0 · References 3

Positive Technologies · added 2021/07/01 12:0 a.m. · 2 views

PT-2021-6607 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.3 through 13.11.6; GitLab CE/EE version 13.12.6; GitLab CE/EE version 14.0.2. Description: The issue is related to improper code rendering while rendering merge requests, which could be exploited to submit malicious code...

CVSS 9 · AI score 6.7 · EPSS 0.00142
Exploits 0 · References 13

CNNVD · added 2021/06/08 12:0 a.m. · 2 views

GitLab CE/EE Trust Management Issue Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 12.8 through 13.10.5, 13.11...

CVSS 4 · AI score 5 · EPSS 0.00125
Exploits 0 · References 4

OSV · added 2021/04/12 3:15 p.m. · 0 views

UBUNTU-CVE-2021-22190

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token...

CVSS 8.5 · AI score 5.8 · EPSS 0.00335
Exploits 0 · References 5

Positive Technologies · added 2021/03/26 12:0 a.m. · 2 views

PT-2021-14887 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8 and later. Description: The issue concerns improper authorization, allowing a guest user in a private project to view tag data that should be inaccessible on the releases page. This affects the confidentiality of project...

CVSS 4.3 · AI score 4 · EPSS 0.00255
Exploits 1 · References 11

Positive Technologies · added 2021/03/25 12:0 a.m. · 2 views

PT-2021-6603 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 and later. Description: The issue is related to improper authorization, allowing guest users to create issues for Sentry errors and track their status. This could potentially enable a remote attacker to access...

CVSS 5.5 · AI score 5.1 · EPSS 0.00226
Exploits 0 · References 15

Positive Technologies · added 2021/03/24 12:0 a.m. · 3 views

PT-2021-14897 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 and up. Description: An authorization issue allowed a group maintainer to modify group CI/CD variables, which should be restricted to group owners. Recommendations: For GitLab CE/EE versions 9.4 and up, consider...

CVSS 4.9 · AI score 4.6 · EPSS 0.0017
Exploits 0 · References 11

NCSC · added 2021/02/12 12:0 a.m. · 1 view

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; accessing sensitive data; accessing system data. No CVE numbers have yet been...

AI score 7
Exploits 0

OSV · added 2021/01/15 4:15 p.m. · 1 view

UBUNTU-CVE-2020-26414

An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string...

CVSS 6.5 · AI score 6 · EPSS 0.00268
Exploits 0 · References 3

OSV · added 2021/01/15 4:15 p.m. · 0 views

UBUNTU-CVE-2021-22168

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8...

CVSS 6.5 · AI score 5.7 · EPSS 0.00171
Exploits 0 · References 4

Positive Technologies · added 2021/01/05 12:0 a.m. · 2 views

PT-2021-4079 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.8 and later. Description: The issue is related to improper validation of authorization tokens in GitLab, which can result in the execution of GraphQL mutations. This can potentially allow a remote attacker to impact da...

CVSS 7.5 · AI score 7.2 · EPSS 0.00186
Exploits 0 · References 13

OSV · added 2020/12/11 4:15 a.m. · 2 views

UBUNTU-CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 · AI score 5.8 · EPSS 0.00161
Exploits 0 · References 4

OSV · added 2020/12/11 4:15 a.m. · 0 views

UBUNTU-CVE-2020-26417

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...

CVSS 5.3 · AI score 5.8 · EPSS 0.00196
Exploits 0 · References 4

NCSC · added 2020/11/17 12:0 a.m. · 7 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to execute attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of data...

CVSS 8.7 · AI score 6.5 · EPSS 0.01546
Exploits 0

Positive Technologies · added 2020/11/17 12:0 a.m. · 2 views

PT-2020-13493 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.2 through 13.3.8; GitLab CE/EE versions 13.4 through 13.4.4; GitLab CE/EE versions 13.5 through 13.5.1. Description: Private group information is leaked in GitLab CE/EE when a project is moved from a private to a public...

CVSS 5.3 · AI score 4.8 · EPSS 0.00237
Exploits 0 · References 8

Positive Technologies · added 2020/10/08 12:0 a.m. · 1 view

PT-2020-13480 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10; GitLab versions prior to 13.3.7; GitLab versions prior to 13.4.2. Description: An issue has been discovered in GitLab, where there is an XSS in SVG File Preview. The overall impact is limited, as only the curren...

CVSS 6.5 · AI score 6.1 · EPSS 0.00298
Exploits 0 · References 10

OSV · added 2020/10/07 4:15 p.m. · 3 views

UBUNTU-CVE-2020-13342

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email...

CVSS 2.7 · AI score 5.7 · EPSS 0.00128
Exploits 0 · References 4

UbuntuCve · added 2020/09/30 6:15 p.m. · 24 views

CVE-2020-13323

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos...

CVSS 7.7 · AI score 7 · EPSS 0.00116
Exploits 0 · References 1