目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

GitLab 厂商漏洞列表 / CVE 中文分析 1012

GitLab 厂商相关 1012 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

GitLab 提供基于 Web 的 DevOps 平台,核心用于代码托管、CI/CD 及项目管理。其历史漏洞多涉及远程代码执行、越权访问及跨站脚本攻击,累计收录 CVE 达 1012 条。平台内置安全扫描功能,支持 SAST 与 DAST 集成,助力开发者在流水线中识别风险。尽管存在安全挑战,其持续更新的补丁机制与透明披露政策,使其成为企业构建安全软件供应链的重要基础设施。

上位製品 GitLab: GitLab GitLab CE/EE GitLab Community and Enterprise Editions GitLab EE GitLab Runner gitlab-vscode-extension DAST GitLab Community Edition and GitLab Enterprise Edition Gitaly GitLab Pages DAST API scanner GitLab DAST API scanner GitLab VSCode Fork GitLab Language Server GitLab AI Gateway
CVE IDタイトルCVSS深刻度公開日
CVE-2024-2743 Incorrect Authorization in GitLab — GitLabCWE-863 5.3 Medium2024-09-12
CVE-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLabCWE-601 6.4 Medium2024-09-12
CVE-2024-4660 Missing Authorization in GitLab — GitLabCWE-862 6.5 Medium2024-09-12
CVE-2024-5435 Generation of Error Message Containing Sensitive Information in GitLab — GitLabCWE-209 4.5 Medium2024-09-12
CVE-2024-6446 Business Logic Errors in GitLab — GitLabCWE-840 3.5 Low2024-09-12
CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab — GitLabCWE-497 4.3 Medium2024-09-12
CVE-2024-8124 Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333 7.5 High2024-09-12
CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLabCWE-77 8.5 High2024-09-12
CVE-2024-3127 Improper Access Control in GitLab — GitLabCWE-284 4.3 Medium2024-08-22
CVE-2024-6502 Incorrect Provision of Specified Functionality in GitLab — GitLabCWE-684 5.7 Medium2024-08-22
CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLabCWE-77 6.4 Medium2024-08-22
CVE-2024-8041 Uncontrolled Resource Consumption in GitLab — GitLabCWE-400 6.5 Medium2024-08-22
CVE-2024-2800 Uncontrolled Resource Consumption in GitLab — GitLabCWE-1333 6.5 Medium2024-08-08
CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab — GitLabCWE-639 6.8 Medium2024-08-08
CVE-2024-3114 Uncontrolled Resource Consumption in GitLab — GitLabCWE-1333 4.3 Medium2024-08-08
CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab — GitLabCWE-94 5.3 Medium2024-08-08
CVE-2024-4207 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79 4.4 Medium2024-08-08
CVE-2024-5423 Uncontrolled Resource Consumption in GitLab — GitLabCWE-400 6.5 Medium2024-08-08
CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLabCWE-200 4.9 Medium2024-08-08
CVE-2024-7610 Uncontrolled Resource Consumption in GitLab — GitLabCWE-400 4.3 Medium2024-08-08
CVE-2024-4210 Uncontrolled Resource Consumption in GitLab — GitLabCWE-400 6.5 Medium2024-08-08
CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab — GitLabCWE-305 4.2 Medium2024-08-08
CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab — GitLabCWE-116 5.7 Medium2024-08-08
CVE-2024-7057 Improper Access Control in GitLab — GitLabCWE-284 4.3 Medium2024-07-25
CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79 7.7 High2024-07-25
CVE-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab — GitLabCWE-99 2.7 Low2024-07-24
CVE-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLabCWE-200 4.4 Medium2024-07-24
CVE-2024-7060 Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLabCWE-200 2.6 Low2024-07-24
CVE-2024-7091 Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLabCWE-200 4.1 Medium2024-07-24
CVE-2024-6595 Uncontrolled Search Path Element in GitLab — GitLabCWE-451 3.0 Low2024-07-17

本页汇总了 GitLab 厂商截至目前公开的全部 1012 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。