Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 16.11.7  Security Vulnerabilities
CVE-2024-7047
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-25
CVE-2024-7091
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
CVSS Score
4.1
EPSS Score
0.001
Published
2024-07-24
CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
CVSS Score
2.7
EPSS Score
0.002
Published
2024-07-24
CVE-2024-5067
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-07-24
CVE-2024-7060
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
CVSS Score
2.6
EPSS Score
0.001
Published
2024-07-24
CVE-2024-4201
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
CVSS Score
4.4
EPSS Score
0.015
Published
2024-06-12
CVE-2023-4895
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved