This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Gitlab
Product: Gitlab
Type: Application
First view: 2014-01-24
Last view: 2020-10-08
Version: (not specified)
Update: (not specified)
Edition: (not specified)
Language: (not specified)
Software Edition: (not specified)
Target Software: (not specified)
Target Hardware: (not specified)
Other: (not specified)

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:* 426
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:* 425
cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:* 424
cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:* 424
cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:* 424
cpe:2.3:a:gitlab:gitlab:5.4.1:*:*:*:*:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.1.0:*:*:*:enterprise:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.1.0:*:*:*:community:*:*:* 423
cpe:2.3:a:gitlab:gitlab:5.4.2:*:*:*:*:*:*:* 423
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* 423
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 423
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.2.0:*:*:*:community:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.2.0:*:*:*:enterprise:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.3.0:*:*:*:community:*:*:* 423
cpe:2.3:a:gitlab:gitlab:3.3.0:*:*:*:enterprise:*:*:* 423
cpe:2.3:a:gitlab:gitlab:1.1.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:enterprise:*:*:* 422
cpe:2.3:a:gitlab:gitlab:1.0.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:1.0.2:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:3.0.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.9.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:3.0.2:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:community:*:*:* 422
cpe:2.3:a:gitlab:gitlab:3.0.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:3.0.3:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:1.0.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:community:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:community:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:community:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.0.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.7.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:6.2.3:*:*:*:community:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.8.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.8.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:1.2.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.2.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:3.1.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:0.9.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:4.1.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:4.0.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.3.0:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:2.3.1:*:*:*:*:*:*:* 422
cpe:2.3:a:gitlab:gitlab:0.8.0:*:*:*:*:*:*:* 422

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
4.4 2020-10-08 CVE-2020-13344

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis.

8.7 2020-10-08 CVE-2020-13340

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.

6.5 2020-10-08 CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.

9.1 2020-10-07 CVE-2020-13347

A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.

6.5 2020-10-07 CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through the API.

2.7 2020-10-07 CVE-2020-13342

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email.

4.3 2020-10-07 CVE-2020-13335

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group.

7.5 2020-10-07 CVE-2020-13334

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query.

6.5 2020-10-07 CVE-2020-13332

Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows a user to have access to projects with expiration.

5.4 2020-10-06 CVE-2020-13345

An issue has been discovered in GitLab affecting all versions starting from 10.8: Reflected XSS on Multiple Routes.

8.8 2020-10-06 CVE-2020-13343

An issue has been discovered in GitLab affecting all versions starting from 11.2: Unauthorized Users Can View Custom Project Template.

4.3 2020-10-06 CVE-2020-13333

A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.

5.4 2020-10-02 CVE-2020-13338

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.

4.8 2020-10-02 CVE-2020-13337

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.

4.8 2020-09-30 CVE-2020-13336

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature.

5.4 2020-09-30 CVE-2020-13331

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages.

5.4 2020-09-30 CVE-2020-13330

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the import Bitbucket project feature.

6.5 2020-09-30 CVE-2020-13329

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature.

4.8 2020-09-30 CVE-2020-13328

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.

4.3 2020-09-30 CVE-2020-13326

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.

7.1 2020-09-30 CVE-2020-13325

A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.

6.5 2020-09-30 CVE-2020-13324

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.

7.7 2020-09-30 CVE-2020-13323

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos.

7.2 2020-09-30 CVE-2020-13322

A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.

8.3 2020-09-30 CVE-2020-13321

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added.

CWE : Common Weakness Enumeration

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% (count) CWE id Name
23% (78) CWE-200 Information Exposure
20% (66) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
7% (23) CWE-732 Incorrect Permission Assignment for Critical Resource
4% (16) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
4% (15) CWE-20 Improper Input Validation
4% (14) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (14) CWE-269 Improper Privilege Management
3% (13) CWE-639 Access Control Bypass Through User-Controlled Key
3% (10) CWE-287 Improper Authentication
2% (7) CWE-281 Improper Preservation of Permissions
2% (7) CWE-276 Incorrect Default Permissions
1% (6) CWE-613 Insufficient Session Expiration
1% (6) CWE-306 Missing Authentication for Critical Function
1% (4) CWE-770 Allocation of Resources Without Limits or Throttling
1% (4) CWE-284 Access Control (Authorization) Issues
0% (3) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
0% (3) CWE-532 Information Leak Through Log Files
0% (3) CWE-522 Insufficiently Protected Credentials
0% (3) CWE-285 Improper Access Control (Authorization)
0% (3) CWE-264 Permissions, Privileges, and Access Controls
0% (3) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
0% (2) CWE-362 Race Condition
0% (2) CWE-352 Cross-Site Request Forgery (CSRF)
0% (2) CWE-312 Cleartext Storage of Sensitive Information
0% (2) CWE-209 Information Exposure Through an Error Message

Snort® IPS/IDS

Date Description
2019-09-17 Gitlab directory traversal attempt
RuleID : 51058 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51057 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51056 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51055 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51054 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51053 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51052 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51051 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51050 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51049 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51048 - Type : FILE-OTHER - Revision : 1
2019-09-17 Gitlab directory traversal attempt
RuleID : 51047 - Type : FILE-OTHER - Revision : 1
2014-11-16 Gitlab ssh key upload command injection attempt
RuleID : 31747 - Type : SERVER-WEBAPP - Revision : 4

Nessus® Vulnerability Scanner

id Description
2019-01-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ff50192c19eb11e98573001b217b3468.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b2f4ab910e6b11e98700001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_70b774a805bc11e987ad001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_757e6ee8ff9111e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9d3428d4f98c11e8a148001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8a4aba2df33e11e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d889d32cecd911e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b51d9e83de0811e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b9591212dba711e89416001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_23413442c8ea11e8b35c001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-07-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2da838f9916811e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8fc615cc8a6611e88c75d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-06-27 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b950a83b789e11e88545d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4206.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9dfe61c84d1511e88f2fd8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_dc0c201c31da11e8ac53d8cb8abf62dd.nasl - Type: ACT_GATHER_INFO
2018-03-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4145.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_65fab89f223146db8541978f4e87f32a.nasl - Type: ACT_GATHER_INFO
2017-08-14 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_abcc5ad37e6a11e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_92f4191a6d2511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_5d62950f3bb511e793f7d43d7e971a1b.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_10968dfda68711e6b2d360a44ce6887b.nasl - Type: ACT_GATHER_INFO
2016-05-04 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_be72e773113111e694fa002590263bf5.nasl - Type: ACT_GATHER_INFO