Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22198 1Gitlab 1Gitlab Nov 21, 2024 Apr 2, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
CVE-2021-22197 1Gitlab 1Gitlab Nov 21, 2024 Apr 2, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each otherShow less
CVE-2021-22196 1Gitlab 1Gitlab Nov 21, 2024 Apr 2, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
CVE-2021-22195 1Gitlab 1Gitlab Vscode Extension Nov 21, 2024 Apr 1, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system
CVE-2021-22177 1Gitlab 1Gitlab Nov 21, 2024 Apr 1, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
CVE-2021-22194 1Gitlab 1Gitlab Nov 21, 2024 Mar 26, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In all versions of GitLab, marshalled session keys were being stored in Redis.
CVE-2021-22184 1Gitlab 1Gitlab Nov 21, 2024 Mar 26, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
CVE-2021-22180 1Gitlab 1Gitlab Nov 21, 2024 Mar 26, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
CVE-2021-22172 1Gitlab 1Gitlab Nov 21, 2024 Mar 26, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
CVE-2021-22169 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.
CVE-2021-22193 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 3.5 LOW· v3 3.5 LOW· v2 An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
CVE-2021-22192 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
CVE-2021-22186 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
CVE-2021-22185 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
CVE-2021-22179 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
CVE-2021-22178 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
CVE-2021-22176 1Gitlab 1Gitlab Nov 21, 2024 Mar 24, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
CVE-2021-22189 1Gitlab 1Gitlab Nov 21, 2024 Mar 4, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
CVE-2021-22183 1Gitlab 1Gitlab Nov 21, 2024 Mar 4, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
CVE-2021-22188 1Gitlab 1Gitlab Nov 21, 2024 Mar 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.

Previous 1...454647...70 Next