Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
CVE-2024-10925
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML
CVSS Score
5.3
EPSS Score
0.0
Published
2025-03-03
CVE-2024-8186
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-03-03
CVE-2024-3303
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
CVSS Score
6.4
EPSS Score
0.003
Published
2025-02-13
CVE-2025-1198
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-02-13
CVE-2024-8266
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-02-13
CVE-2024-7102
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVSS Score
9.6
EPSS Score
0.0
Published
2025-02-13
CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-12
CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-12
CVE-2025-1212
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-12
CVE-2025-1042
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-02-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved