GitLab 厂商漏洞列表 / CVE 中文分析 1012

GitLab 厂商相关 1012 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

GitLab 提供基于 Web 的 DevOps 平台，核心用于代码托管、CI/CD 及项目管理。其历史漏洞多涉及远程代码执行、越权访问及跨站脚本攻击，累计收录 CVE 达 1012 条。平台内置安全扫描功能，支持 SAST 与 DAST 集成，助力开发者在流水线中识别风险。尽管存在安全挑战，其持续更新的补丁机制与透明披露政策，使其成为企业构建安全软件供应链的重要基础设施。

上位製品 GitLab: GitLab GitLab CE/EE GitLab Community and Enterprise Editions GitLab EE GitLab Runner gitlab-vscode-extension DAST GitLab Community Edition and GitLab Enterprise Edition Gitaly GitLab Pages DAST API scanner GitLab DAST API scanner GitLab VSCode Fork GitLab Language Server GitLab AI Gateway

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2024-2454	Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770	6.5	Medium	2024-05-09
CVE-2024-2651	Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333	6.5	Medium	2024-05-09
CVE-2024-4539	Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770	4.3	Medium	2024-05-09
CVE-2024-4597	Cross-Site Request Forgery (CSRF) in GitLab — GitLabCWE-352	5.7	Medium	2024-05-09
CVE-2024-4024	Authentication Bypass by Assumed-Immutable Data in GitLab — GitLabCWE-302	7.3	High	2024-04-25
CVE-2024-4006	Incorrect Authorization in GitLab — GitLabCWE-863	4.3	Medium	2024-04-25
CVE-2024-1347	Authentication Bypass by Spoofing in GitLab — GitLabCWE-290	4.3	Medium	2024-04-25
CVE-2024-2434	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab — GitLabCWE-22	8.5	High	2024-04-25
CVE-2024-2829	Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333	7.5	High	2024-04-25
CVE-2023-6489	Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333	4.3	Medium	2024-04-12
CVE-2023-6678	Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333	4.3	Medium	2024-04-12
CVE-2024-2279	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79	8.7	High	2024-04-12
CVE-2024-3092	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79	8.7	High	2024-04-12
CVE-2023-6371	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79	8.7	High	2024-03-28
CVE-2024-2818	Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770	4.3	Medium	2024-03-28
CVE-2024-0199	Incorrect Authorization in GitLab — GitLabCWE-863	7.7	High	2024-03-07
CVE-2024-1299	Privilege Chaining in GitLab — GitLabCWE-268	6.5	Medium	2024-03-07
CVE-2023-4895	Missing Authorization in GitLab — GitLabCWE-862	4.3	Medium	2024-02-22
CVE-2023-6477	Incorrect Privilege Assignment in GitLab — GitLabCWE-266	6.7	Medium	2024-02-21
CVE-2024-0410	Improper Enforcement of Behavioral Workflow in GitLab — GitLabCWE-841	7.7	High	2024-02-21
CVE-2024-1451	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79	8.7	High	2024-02-21
CVE-2024-1525	Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLabCWE-288	5.3	Medium	2024-02-21
CVE-2024-0861	Direct Request ('Forced Browsing') in GitLab — GitLabCWE-425	4.3	Medium	2024-02-21
CVE-2023-3509	Incorrect Authorization in GitLab — GitLabCWE-863	3.7	Low	2024-02-21
CVE-2024-1250	Privilege Chaining in GitLab — GitLabCWE-268	6.5	Medium	2024-02-12
CVE-2023-6564	Incorrect Authorization in GitLab — GitLabCWE-863	6.5	Medium	2024-02-08
CVE-2023-6736	Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333	6.5	Medium	2024-02-07
CVE-2023-6840	Missing Authorization in GitLab — GitLabCWE-862	6.7	Medium	2024-02-07
CVE-2024-1066	Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770	6.5	Medium	2024-02-07
CVE-2023-5612	Missing Authorization in GitLab — GitLabCWE-862	5.3	Medium	2024-01-26

本页汇总了 GitLab 厂商截至目前公开的全部 1012 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

GitLab 厂商漏洞列表 / CVE 中文分析 1012

目標達成すべての支援者に感謝 — 100%達成しました！