This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gitlab First view 2014-01-24
Product Gitlab Last view 2025-03-03
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:* 1063
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:* 1062
cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:* 1061
cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:* 1061
cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:* 1061
cpe:2.3:a:gitlab:gitlab:2.5.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.3.1:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.4.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.3.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.3.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.2.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:0.8.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.1.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.2:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.8.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.7.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.1.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.2.2:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:0.9.6:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:0.9.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.2.0:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.1:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.3.0:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:4.0.0:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.4.0:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.0.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:5.4.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:5.4.2:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.9.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.9.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.2.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.1.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.0.2:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.3:*:*:*:community:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:4.0.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:3.0.3:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.8.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.6.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:2.0.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.2.1:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:1.0.0:*:*:*:*:*:*:* 1060
cpe:2.3:a:gitlab:gitlab:0.9.4:*:*:*:*:*:*:* 1060

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.1 2025-03-03 CVE-2025-0555

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.
6.1 2025-03-03 CVE-2025-0475

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
5.4 2025-03-03 CVE-2024-8186

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.
7.5 2024-11-26 CVE-2024-8237

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
7.5 2024-11-26 CVE-2024-8177

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
8.8 2024-11-26 CVE-2024-8114

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
7.5 2024-11-26 CVE-2024-11828

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
7.5 2024-11-26 CVE-2024-11669

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
5.3 2024-11-26 CVE-2024-11668

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
5.3 2024-11-26 CVE-2024-10240

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
8.8 2024-11-14 CVE-2024-9693

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
7.5 2024-11-14 CVE-2024-9633

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
6.1 2024-11-14 CVE-2024-8648

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.
5.4 2024-11-14 CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.
6.5 2024-11-14 CVE-2024-7404

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
5.4 2024-10-24 CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.
6.5 2024-10-24 CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.
8.8 2024-10-11 CVE-2024-9164

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
8.8 2024-10-11 CVE-2024-8970

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
4.3 2024-10-11 CVE-2024-5005

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.
6.5 2024-10-10 CVE-2024-9623

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.
5.3 2024-10-10 CVE-2024-9596

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.
8.1 2024-10-10 CVE-2024-8977

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.
5.4 2024-10-10 CVE-2024-6530

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.
9.1 2024-10-01 CVE-2023-3441

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
24% (138) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (47) CWE-200 Information Exposure
6% (36) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (27) CWE-732 Incorrect Permission Assignment for Critical Resource
4% (26) CWE-639 Access Control Bypass Through User-Controlled Key
4% (26) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (21) CWE-770 Allocation of Resources Without Limits or Throttling
2% (16) CWE-287 Improper Authentication
2% (16) CWE-269 Improper Privilege Management
2% (16) CWE-20 Improper Input Validation
2% (14) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (13) CWE-532 Information Leak Through Log Files
2% (12) CWE-352 Cross-Site Request Forgery (CSRF)
1% (10) CWE-276 Incorrect Default Permissions
1% (9) CWE-209 Information Exposure Through an Error Message
1% (8) CWE-281 Improper Preservation of Permissions
1% (8) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (7) CWE-306 Missing Authentication for Critical Function
1% (7) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
1% (6) CWE-613 Insufficient Session Expiration
1% (6) CWE-116 Improper Encoding or Escaping of Output
0% (5) CWE-668 Exposure of Resource to Wrong Sphere
0% (5) CWE-312 Cleartext Storage of Sensitive Information
0% (5) CWE-295 Certificate Issues
0% (4) CWE-640 Weak Password Recovery Mechanism for Forgotten Password

SAINT Exploits

Description Link
GitLab ExifTool uploaded image command injection More info here

Snort® IPS/IDS

Date Description
2019-09-17 Gitlab directory traversal attempt
RuleID : 51058 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51057 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51056 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51055 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51054 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51053 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51052 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51051 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51050 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51049 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51048 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51047 - Type : FILE-OTHER - Revision : 1
2014-11-16 Gitlab ssh key upload command injection attempt
RuleID : 31747 - Type : SERVER-WEBAPP - Revision : 4

Nessus® Vulnerability Scanner

id Description
2019-01-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ff50192c19eb11e98573001b217b3468.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b2f4ab910e6b11e98700001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_70b774a805bc11e987ad001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_757e6ee8ff9111e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9d3428d4f98c11e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8a4aba2df33e11e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d889d32cecd911e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b51d9e83de0811e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b9591212dba711e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_23413442c8ea11e8b35c001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_065b3b72c5ab11e89ae2001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-07-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2da838f9916811e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8fc615cc8a6611e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-06-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b950a83b789e11e88545d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4206.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9dfe61c84d1511e88f2fd8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_dc0c201c31da11e8ac53d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4145.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_65fab89f223146db8541978f4e87f32a.nasl - Type: ACT_GATHER_INFO
2017-08-14 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_abcc5ad37e6a11e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_92f4191a6d2511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_5d62950f3bb511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_10968dfda68711e6b2d360a44ce6887b.nasl - Type: ACT_GATHER_INFO
2016-05-04 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_be72e773113111e694fa002590263bf5.nasl - Type: ACT_GATHER_INFO