Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-39933 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression us...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.Show less
CVE-2021-39932 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, th...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.Show less
CVE-2021-39931 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 3.5 LOW· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.Show less
CVE-2021-39930 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
CVE-2021-39919 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are acc...Show more In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.Show less
CVE-2021-39918 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to...Show more Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.Show less
CVE-2021-39917 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression rel...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.Show less
CVE-2021-39916 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions s...Show more Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.Show less
CVE-2021-39915 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an...Show more Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projectsShow less
CVE-2021-39910 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.Show less
CVE-2021-39890 1Gitlab 1Gitlab Nov 21, 2024 Dec 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
CVE-2021-22170 1Gitlab 1Gitlab Nov 21, 2024 Dec 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content
CVE-2021-39913 1Gitlab 1Gitlab Jun 12, 2026 Nov 5, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an at...Show more Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privilegesShow less
CVE-2021-39912 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.
CVE-2021-39911 1Gitlab 1Gitlab Jun 12, 2026 Nov 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email add...Show more An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumersShow less
CVE-2021-39909 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 bef...Show more Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstancesShow less
CVE-2021-39907 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
CVE-2021-39906 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
CVE-2021-39905 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
CVE-2021-39904 1Gitlab 1Gitlab Jun 12, 2026 Nov 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4...Show more An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge RequestShow less

Previous 1...394041...70 Next