Filtered by vendor: Gitlab; filtered by product: Gitlab

Total: 1055 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-22221 | Gitlab | Gitlab | 2024-08-03 | 6.5 Medium | An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password expired.
CVE-2021-22183 | Gitlab | Gitlab | 2024-08-03 | 4.1 Medium | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
CVE-2021-22245 | Gitlab | Gitlab | 2024-08-03 | 2.7 Low | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view.
CVE-2021-22232 | Gitlab | Gitlab | 2024-08-03 | 3.5 Low | HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE.
CVE-2021-22242 | Gitlab | Gitlab | 2024-08-03 | 8.7 High | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.
CVE-2021-22214 | Gitlab | Gitlab | 2024-08-03 | 6.8 Medium | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
CVE-2021-22205 | Gitlab | Gitlab | 2024-08-03 | 10 Critical | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in remote command execution.
CVE-2021-22230 | Gitlab | Gitlab | 2024-08-03 | 4.9 Medium | Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
CVE-2021-22228 | Gitlab | Gitlab | 2024-08-03 | 6.5 Medium | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using GraphQL.
CVE-2021-22188 | Gitlab | Gitlab | 2024-08-03 | 5.3 Medium | An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs.
CVE-2021-22190 | Gitlab | Gitlab | 2024-08-03 | 8.5 High | A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token.
CVE-2021-22202 | Gitlab | Gitlab | 2024-08-03 | 2.4 Low | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVE-2021-22247 | Gitlab | Gitlab | 2024-08-03 | 4.3 Medium | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.
CVE-2021-22251 | Gitlab | Gitlab | 2024-08-03 | 4.3 Medium | Improper validation of invited users' email addresses in GitLab EE affecting all versions since 12.2 allowed projects to add members with an email address domain that should be blocked by group settings.
CVE-2021-22170 | Gitlab | Gitlab | 2024-08-03 | 6.2 Medium | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.
CVE-2021-22194 | Gitlab | Gitlab | 2024-08-03 | 5.7 Medium | In all versions of GitLab, marshalled session keys were being stored in Redis.
CVE-2021-22169 | Gitlab | Gitlab | 2024-08-03 | 4.3 Medium | An issue was identified in GitLab EE 13.4 or later which leaked internal IP addresses via error messages.
CVE-2021-22220 | Gitlab | Gitlab | 2024-08-03 | 6.1 Medium | An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in the blob viewer of notebooks.
CVE-2021-22236 | Gitlab | Gitlab | 2024-08-03 | 5.5 Medium | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVE-2021-22184 | Gitlab | Gitlab | 2024-08-03 | 6.2 Medium | An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.