This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gitlab First view 2014-01-24
Product Gitlab Last view 2025-05-22
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:* 1082
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:* 1081
cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:* 1080
cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:* 1080
cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:* 1080
cpe:2.3:a:gitlab:gitlab:2.5.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.3.1:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.4.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.3.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.3.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.2.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:0.8.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.1.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.2:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.8.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.7.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.1.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.2.2:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:0.9.6:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:0.9.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.2.0:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.1:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.3.0:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:4.0.0:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.4.0:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.0.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:5.4.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:5.4.2:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.9.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.9.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.2.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.1.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.0.2:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.3:*:*:*:community:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:4.0.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:3.0.3:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.8.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.6.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:2.0.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.2.1:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:1.0.0:*:*:*:*:*:*:* 1079
cpe:2.3:a:gitlab:gitlab:0.9.4:*:*:*:*:*:*:* 1079

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2025-05-22 CVE-2025-3111

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..

6.5 2025-05-22 CVE-2025-2853

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.

4.3 2025-05-22 CVE-2025-1110

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

6.5 2025-05-22 CVE-2025-0993

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

4.3 2025-05-22 CVE-2025-0679

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

4.3 2025-05-22 CVE-2025-0605

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

6.1 2025-03-03 CVE-2025-0555

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

6.1 2025-03-03 CVE-2025-0475

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.

5.4 2025-03-03 CVE-2024-8186

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.

0 2025-03-03 CVE-2024-10925

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

0 2025-01-08 CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

0 2024-12-25 CVE-2023-5117

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.

0 2024-12-16 CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests.

0 2024-12-16 CVE-2024-8116

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

0 2024-12-12 CVE-2024-9387

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

0 2024-12-12 CVE-2024-9367

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.

0 2024-12-12 CVE-2024-8647

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

0 2024-12-12 CVE-2024-8233

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

0 2024-12-12 CVE-2024-8179

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

0 2024-12-12 CVE-2024-12570

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

0 2024-12-12 CVE-2024-12292

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

0 2024-12-12 CVE-2024-11274

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

0 2024-12-12 CVE-2024-10043

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.

7.5 2024-11-26 CVE-2024-8237

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

7.5 2024-11-26 CVE-2024-8177

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
24% (139) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (47) CWE-200 Information Exposure
6% (36) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (28) CWE-639 Access Control Bypass Through User-Controlled Key
4% (27) CWE-732 Incorrect Permission Assignment for Critical Resource
4% (27) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
4% (25) CWE-770 Allocation of Resources Without Limits or Throttling
2% (17) CWE-287 Improper Authentication
2% (16) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (16) CWE-269 Improper Privilege Management
2% (16) CWE-20 Improper Input Validation
2% (14) CWE-532 Information Leak Through Log Files
2% (12) CWE-352 Cross-Site Request Forgery (CSRF)
1% (10) CWE-276 Incorrect Default Permissions
1% (9) CWE-209 Information Exposure Through an Error Message
1% (8) CWE-281 Improper Preservation of Permissions
1% (8) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (7) CWE-306 Missing Authentication for Critical Function
1% (7) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
1% (6) CWE-613 Insufficient Session Expiration
1% (6) CWE-116 Improper Encoding or Escaping of Output
0% (5) CWE-668 Exposure of Resource to Wrong Sphere
0% (5) CWE-312 Cleartext Storage of Sensitive Information
0% (5) CWE-295 Certificate Issues
0% (4) CWE-640 Weak Password Recovery Mechanism for Forgotten Password

SAINT Exploits

Description Link
GitLab ExifTool uploaded image command injection More info here

Snort® IPS/IDS

Date Description
2019-09-17 Gitlab directory traversal attempt
RuleID : 51058 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51057 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51056 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51055 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51054 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51053 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51052 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51051 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51050 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51049 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51048 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51047 - Type : FILE-OTHER - Revision : 1
2014-11-16 Gitlab ssh key upload command injection attempt
RuleID : 31747 - Type : SERVER-WEBAPP - Revision : 4

Nessus® Vulnerability Scanner

id Description
2019-01-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ff50192c19eb11e98573001b217b3468.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b2f4ab910e6b11e98700001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_70b774a805bc11e987ad001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_757e6ee8ff9111e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9d3428d4f98c11e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8a4aba2df33e11e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d889d32cecd911e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b51d9e83de0811e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b9591212dba711e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_23413442c8ea11e8b35c001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_065b3b72c5ab11e89ae2001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-07-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2da838f9916811e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8fc615cc8a6611e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-06-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b950a83b789e11e88545d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4206.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9dfe61c84d1511e88f2fd8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_dc0c201c31da11e8ac53d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4145.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_65fab89f223146db8541978f4e87f32a.nasl - Type: ACT_GATHER_INFO
2017-08-14 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_abcc5ad37e6a11e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_92f4191a6d2511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_5d62950f3bb511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_10968dfda68711e6b2d360a44ce6887b.nasl - Type: ACT_GATHER_INFO
2016-05-04 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_be72e773113111e694fa002590263bf5.nasl - Type: ACT_GATHER_INFO