Gitlab Community Edition 漏洞

时间轴

去年

版本

11.0	75
11.3	74
11.1	73
11.2	73
11.4	63

修正

Official Fix	376
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	202

易受攻击性

High	1
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	577

访问向量

Not Defined	0
Physical	0
Local	6
Adjacent	12
Network	560

身份验证

Not Defined	0
High	44
Low	287
None	247

用户交互

Not Defined	0
Required	129
None	449

CVSSv3 Base

≤1	0
≤2	0
≤3	8
≤4	55
≤5	147
≤6	171
≤7	124
≤8	49
≤9	24
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	12
≤4	53
≤5	150
≤6	179
≤7	113
≤8	52
≤9	19
≤10	0

VulDB

≤1	0
≤2	5
≤3	28
≤4	76
≤5	177
≤6	127
≤7	87
≤8	78
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	2
≤4	6
≤5	67
≤6	95
≤7	84
≤8	65
≤9	26
≤10	24

CNA

≤1	0
≤2	1
≤3	13
≤4	26
≤5	65
≤6	42
≤7	27
≤8	21
≤9	14
≤10	10

供应商

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

零日攻击

<1k	98
<2k	359
<5k	120
<10k	0
<25k	1
<50k	0
<100k	0
≥100k	0

本日攻击

<1k	566
<2k	12
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Affected Versions (550): 3.0.1, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 7.10, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.9.6, 8.10, 8.11, 8.12, 8.13, 8.14, 8.15, 8.17, 8.17.1, 8.17.2, 8.17.3, 8.17.4, 8.17.5, 8.17.6, 8.17.7, 9, 9.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.11, 9.0.12, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.2, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.2.9, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 9.3.6, 9.3.7, 9.3.8, 9.3.9, 9.4, 9.4.1, 9.4.2, 9.4.3, 9.5, 10.0, 10.1, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.4, 10.5, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.6, 10.6.1, 10.6.2, 10.6.3, 10.6.4, 10.7, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5, 10.7.6, 10.8, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 11, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.1, 11.1.1, 11.1.2, 11.1.3, 11.1.4, 11.1.5, 11.1.6, 11.1.7, 11.2, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 11.2.5, 11.2.6, 11.3, 11.3.1, 11.3.2, 11.3.3, 11.3.4, 11.3.5, 11.3.6, 11.3.7, 11.3.8, 11.3.9, 11.3.11, 11.3.12, 11.3.13, 11.4, 11.4.1, 11.4.2, 11.4.3, 11.4.4, 11.4.5, 11.4.6, 11.4.7, 11.4.8, 11.4.9, 11.4.11, 11.4.12, 11.5, 11.5.0-rc11, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6, 11.6.1, 11.6.2, 11.6.3, 11.6.4, 11.6.5, 11.6.6, 11.6.7, 11.6.8, 11.6.9, 11.7, 11.7.1, 11.7.2, 11.7.3, 11.7.4, 11.7.5, 11.7.6, 11.7.7, 11.7.8, 11.7.9, 11.8, 11.8.1, 11.8.2, 11.8.3, 11.8.4, 11.8.5, 11.8.6, 11.8.7, 11.8.8, 11.8.9, 11.9, 11.9.1, 11.9.2, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 11.9.7, 11.9.8, 11.9.9, 11.10, 11.10.1, 11.10.2, 11.11, 11.11.1, 11.11.2, 11.11.3, 11.11.4, 11.11.5, 11.11.6, 11.11.7, 12, 12.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.1.7, 12.1.8, 12.1.9, 12.1.11, 12.1.12, 12.1.13, 12.2, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.3, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.4, 12.5, 12.6, 12.6.1, 12.6.2, 12.6.3, 12.6.4, 12.6.5, 12.6.6, 12.7, 12.7.1, 12.7.2, 12.7.3, 12.7.4, 12.7.5, 12.7.6, 12.7.7, 12.7.8, 12.8, 12.8.1, 12.8.2, 12.8.3, 12.8.4, 12.8.5, 12.8.6, 12.8.7, 12.8.8, 12.9, 12.9.1, 12.9.2, 13, 13.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.1, 13.2, 13.3, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.3.5, 13.3.6, 13.3.7, 13.3.8, 13.4, 13.4.1, 13.4.2, 13.4.3, 13.4.4, 13.4.5, 13.4.6, 13.4.7, 13.5, 13.5.1, 13.5.2, 13.5.3, 13.5.4, 13.5.5, 13.6, 13.6.1, 13.6.2, 13.6.3, 13.7, 13.7.1, 13.7.9, 13.8, 13.9, 13.10.1, 13.10.2, 13.10.3, 13.10.4, 13.11, 13.11.1, 13.11.2, 13.11.3, 13.11.4, 13.11.5, 13.11.6, 13.12, 13.12.1, 13.12.2, 13.12.3, 13.12.4, 13.12.5, 13.12.6, 13.12.7, 13.12.8, 13.12.9, 14, 14.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.0.7, 14.1, 14.1.1, 14.1.2, 14.2, 14.3, 14.3.1, 14.3.2, 14.3.3, 14.3.4, 14.3.5, 14.3.6, 14.4, 14.4.1, 14.4.2, 14.4.3, 14.4.4, 14.5, 14.5.1, 14.5.2, 14.5.3, 14.5.4, 14.6, 14.6.1, 14.6.2, 14.6.3, 14.6.4, 14.6.5, 14.7, 14.7.1, 14.7.2, 14.7.3, 14.7.4, 14.7.5, 14.7.6, 14.7.7, 14.8, 14.8.1, 14.8.2, 14.8.3, 14.8.4, 14.8.5, 14.9, 14.9.1, 14.9.2, 14.9.3, 14.9.4, 14.10, 14.10.1, 14.10.2, 14.10.3, 14.10.4, 15, 15.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.1, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.2, 15.2.1, 15.2.2, 15.2.3, 15.2.4, 15.3, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 15.4, 15.4.1, 15.4.2, 15.4.3, 15.5, 15.5.1, 15.5.2, 15.5.3, 15.5.4, 15.5.5, 15.5.6, 15.6, 15.6.1, 15.6.2, 15.6.3, 15.7, 15.7.1, 15.7.2, 15.7.3, 15.7.4, 15.7.5, 15.7.6, 15.7.7, 15.8, 15.8.1, 15.8.2, 15.8.3, 15.8.4, 15.9, 15.9.1, 15.9.2, 15.9.3, 15.10, 16, 16.0, 16.0.1, 16.0.2, 16.0.3, 16.0.4, 16.0.5, 16.0.6, 16.0.7, 16.1, 16.1.1, 16.1.2, 16.1.3, 16.1.4, 16.1.5, 16.2, 16.2.1, 16.2.2, 16.2.3, 16.2.4, 16.2.5, 16.2.6, 16.2.7, 16.2.8, 16.3, 16.3.1, 16.3.2, 16.3.3, 16.3.4, 16.3.5, 16.3.6, 16.4, 16.4.1, 16.4.2, 16.4.3, 16.4.4, 16.5, 16.5.1, 16.5.2, 16.5.3, 16.5.4, 16.5.5, 16.6, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.7, 16.7.1, 16.7.2, 16.7.3, 16.7.4, 16.7.5, 16.8, 16.8.1, 16.8.2, 16.8.3, 16.8.4, 16.8.5, 16.9, 16.9.1, 16.9.2, 16.9.3, 16.9.4, 16.9.5, 16.10, 16.10.1, 16.10.2, 16.10.3, 16.11

Link to Product Website: https://gitlab.com/

软件类型: Bug Tracking Software

已发布	Base	Temp	漏洞	0day	今天	易	修正	CTI	CVE
2024-04-25	6.4	6.3	GitLab Community Edition/Enterprise Edition Bitbucket Credentials 弱身份验证	$0-$5k	$0-$5k	Not Defined	Official Fix	0.79+	CVE-2024-4024
2024-04-25	4.3	4.2	GitLab Community Edition/Enterprise Edition GraphQL Subscription 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.54+	CVE-2024-4006
2024-04-25	7.4	7.2	GitLab Community Edition/Enterprise Edition 目录遍历	$0-$5k	$0-$5k	Not Defined	Official Fix	0.45+	CVE-2024-2434
2024-04-25	4.3	4.2	GitLab Community Edition/Enterprise Edition Email Address 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.35+	CVE-2024-1347
2024-04-25	7.5	7.3	GitLab Community Edition/Enterprise Edition Wildcard Filter 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.30+	CVE-2024-2829
2024-04-12	4.3	4.2	GitLab Community Edition/Enterprise Edition Chat Integration 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-6489
2024-04-12	6.1	6.0	GitLab Community Edition/Enterprise Edition Diff Viewer 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2024-3092
2024-04-12	6.1	6.0	GitLab Community Edition/Enterprise Edition Autocomplete 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2024-2279
2024-03-28	6.1	6.0	GitLab Community Edition/Enterprise Edition Wiki Page 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	CVE-2023-6371
2024-03-28	4.3	4.2	GitLab Community Edition/Enterprise Edition Label 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2024-2818
2024-02-22	6.1	6.0	GitLab Community Edition/Enterprise Edition User Profile Page 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2024-1451
2024-02-22	4.8	4.7	GitLab Community Edition/Enterprise Edition Secondary Email 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2024-1525
2024-01-26	8.1	7.9	GitLab Community Edition/Enterprise Edition Workspace 目录遍历	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2024-0402
2024-01-26	5.1	5.1	GitLab Community Edition/Enterprise Edition API PUT Request 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-5933
2024-01-26	5.4	5.3	GitLab Community Edition/Enterprise Edition Cargo.toml 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2023-6159
2024-01-12	8.2	8.1	GitLab Community Edition/Enterprise Edition 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2023-5356
2024-01-12	4.4	4.3	GitLab Community Edition/Enterprise Edition 弱身份验证	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-2030
2024-01-12	8.0	7.9	GitLab Community Edition/Enterprise Edition Password Reset 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-7028
2023-12-15	4.7	4.6	GitLab Community Edition/Enterprise Edition File Name 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-5512
2023-12-15	5.5	5.4	GitLab Community Edition/Enterprise Edition Installation Package 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2023-6051
2023-12-01	5.9	5.8	GitLab Community Edition/Enterprise Edition Jira Integration Configuration 跨网站脚本	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2023-6033
2023-11-06	5.0	5.0	GitLab Community Edition/Enterprise Edition Regular Expression 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2023-3909
2023-11-06	4.2	4.2	GitLab Community Edition/Enterprise Edition Feature Flag 信息公开	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2023-5831
2023-11-06	5.4	5.3	GitLab Community Edition/Enterprise Edition 拒绝服务	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-5825
2023-09-30	7.8	7.7	GitLab Community Edition/Enterprise Edition Pipeline Execution 权限升级	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2023-5207

Gitlab Community Edition 漏洞

时间轴

去年

版本

修正

易受攻击性

访问向量

身份验证

用户交互

C3BM Index

去年

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

供应商

Research

零日攻击

本日攻击

攻击市场容量

去年

🔴 CTI 活动

🔒 Login Required

Are you interested in using VulDB?