Filtered by vendor Gitlab
Subscriptions
Total
1068 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.8 Medium |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | ||||
CVE-2021-22189 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.9 Medium |
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | ||||
CVE-2021-22213 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 8.8 High |
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | ||||
CVE-2021-22171 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.3 High |
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | ||||
CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.2 Medium |
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | ||||
CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.1 Medium |
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | ||||
CVE-2021-22193 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. | ||||
CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | ||||
CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | ||||
CVE-2021-22195 | 1 Gitlab | 1 Gitlab-vscode-extension | 2024-08-03 | 8.6 High |
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | ||||
CVE-2021-22185 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki | ||||
CVE-2021-22238 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.8 Medium |
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. | ||||
CVE-2021-22208 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. | ||||
CVE-2021-22239 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | ||||
CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | ||||
CVE-2021-22187 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. | ||||
CVE-2021-22252 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers | ||||
CVE-2021-22200 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.9 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | ||||
CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.1 High |
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | ||||
CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.1 Medium |
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link |