Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Filtered by product Gitlab
Total 1034 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39936 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 3.5 LOW
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
CVE-2021-39935 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 6.8 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API
CVE-2021-39934 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
CVE-2021-39933 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.
CVE-2021-39932 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
CVE-2021-39931 1 Gitlab 1 Gitlab 2024-11-21 3.5 LOW 3.1 LOW
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
CVE-2021-39930 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
CVE-2021-39927 1 Gitlab 1 Gitlab 2024-11-21 3.5 LOW 3.5 LOW
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
CVE-2021-39919 1 Gitlab 1 Gitlab 2024-11-21 2.1 LOW 4.4 MEDIUM
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
CVE-2021-39918 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 3.1 LOW
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
CVE-2021-39917 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.
CVE-2021-39916 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
CVE-2021-39915 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
CVE-2021-39914 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 3.1 LOW
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
CVE-2021-39913 1 Gitlab 1 Gitlab 2024-11-21 7.2 HIGH 4.4 MEDIUM
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges
CVE-2021-39912 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.
CVE-2021-39911 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 1.7 LOW
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
CVE-2021-39910 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 2.6 LOW
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
CVE-2021-39909 1 Gitlab 1 Gitlab 2024-11-21 3.5 LOW 5.3 MEDIUM
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances
CVE-2021-39908 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.