Filtered by vendor Gitlab
Filtered by product Gitlab
Total 1055 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22260 1 Gitlab 1 Gitlab 2024-08-03 7.7 High
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf
CVE-2021-22264 1 Gitlab 1 Gitlab 2024-08-03 6.8 Medium
An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.
CVE-2021-22231 1 Gitlab 1 Gitlab 2024-08-03 3.5 Low
A denial of service in the user's profile page, present starting with GitLab CE/EE 8.0, allows an attacker to reject access to their profile page by using a specially crafted username.
CVE-2021-22262 1 Gitlab 1 Gitlab 2024-08-03 5.4 Medium
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page
CVE-2021-22261 1 Gitlab 1 Gitlab 2024-08-03 7.3 High
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses
CVE-2021-22258 1 Gitlab 1 Gitlab 2024-08-03 4.3 Medium
The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses
CVE-2021-22256 1 Gitlab 1 Gitlab 2024-08-03 5.4 Medium
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status
CVE-2021-22206 1 Gitlab 1 Gitlab 2024-08-03 6.8 Medium
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, allowing other maintainers to view the credentials in plain text.
CVE-2021-22237 1 Gitlab 1 Gitlab 2024-08-03 6.6 Medium
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2
CVE-2021-22234 1 Gitlab 1 Gitlab 2024-08-03 9.6 Critical
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
CVE-2021-22233 1 Gitlab 1 Gitlab 2024-08-03 4.3 Medium
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
CVE-2021-22211 1 Gitlab 1 Gitlab 2024-08-03 3.1 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.
CVE-2021-22244 1 Gitlab 1 Gitlab 2024-08-03 3.1 Low
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data
CVE-2021-22241 1 Gitlab 1 Gitlab 2024-08-03 8.7 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site scripting vulnerability via a specifically crafted default branch name.
CVE-2021-22175 1 Gitlab 1 Gitlab 2024-08-03 6.8 Medium
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is disabled.
CVE-2021-22189 1 Gitlab 1 Gitlab 2024-08-03 5.9 Medium
Starting with version 13.7, GitLab CE/EE was affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
CVE-2021-22213 1 Gitlab 1 Gitlab 2024-08-03 8.8 High
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
CVE-2021-22171 1 Gitlab 1 Gitlab 2024-08-03 7.3 High
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2021-22240 1 Gitlab 1 Gitlab 2024-08-03 4.2 Medium
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled
CVE-2021-22227 1 Gitlab 1 Gitlab 2024-08-03 6.1 Medium
A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.