Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22181 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.7 High |
| A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. | ||||
| CVE-2021-22177 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | ||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | ||||
| CVE-2021-22178 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. | ||||
| CVE-2021-22210 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results. | ||||
| CVE-2021-22186 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.9 Medium |
| An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | ||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | ||||
| CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.4 Medium |
| All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | ||||
| CVE-2021-22179 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
| A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. | ||||
| CVE-2021-22218 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 2.6 Low |
| All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. | ||||
| CVE-2021-22217 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
| A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request | ||||
| CVE-2021-22180 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. | ||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.7 Medium |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | ||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 9.9 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | ||||
| CVE-2021-22203 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | ||||
| CVE-2021-22172 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page | ||||
| CVE-2021-22168 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. | ||||
| CVE-2021-22166 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | ||||
| CVE-2021-22182 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. | ||||
| CVE-2021-22176 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests | ||||