Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22193 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. | ||||
| CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | ||||
| CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | ||||
| CVE-2021-22185 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki | ||||
| CVE-2021-22238 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.8 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. | ||||
| CVE-2021-22208 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. | ||||
| CVE-2021-22239 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | ||||
| CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | ||||
| CVE-2021-22187 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. | ||||
| CVE-2021-22252 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers | ||||
| CVE-2021-22200 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | ||||
| CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.1 High |
| A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | ||||
| CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.1 Medium |
| Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link | ||||
| CVE-2021-22250 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | ||||
| CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | ||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. | ||||
| CVE-2021-22216 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | ||||
| CVE-2021-22253 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | ||||
| CVE-2021-22199 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. | ||||
| CVE-2021-22246 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.7 High |
| A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. | ||||