Total
1025 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | |||||
CVE-2021-39909 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances | |||||
CVE-2021-39880 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. | |||||
CVE-2021-39894 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | |||||
CVE-2021-39883 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups. | |||||
CVE-2022-0125 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. | |||||
CVE-2021-22234 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 6.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. | |||||
CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | |||||
CVE-2021-22237 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 | |||||
CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | |||||
CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | |||||
CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | |||||
CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | |||||
CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | |||||
CVE-2021-22177 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | |||||
CVE-2021-22218 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 2.6 LOW |
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. | |||||
CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | |||||
CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects |