Filtered by vendor Gitlab
Subscriptions
Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22250 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | ||||
| CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | ||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. | ||||
| CVE-2021-22216 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | ||||
| CVE-2021-22253 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | ||||
| CVE-2021-22199 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. | ||||
| CVE-2021-22246 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.7 High |
| A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. | ||||
| CVE-2021-22221 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired | ||||
| CVE-2021-22183 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.1 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. | ||||
| CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 2.7 Low |
| Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | ||||
| CVE-2021-22232 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | ||||
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 8.7 High |
| Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | ||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.8 Medium |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | ||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 10 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | ||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | ||||
| CVE-2021-22228 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql. | ||||
| CVE-2021-22188 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. | ||||
| CVE-2021-22190 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 8.5 High |
| A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | ||||
| CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 2.4 Low |
| An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | ||||
| CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | ||||