Filtered by vendor Gitlab
Subscriptions
Total
1173 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | ||||
| CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | ||||
| CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | ||||
| CVE-2021-22246 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. | ||||
| CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | ||||
| CVE-2021-22244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | ||||
| CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
| Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | ||||
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | ||||
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | ||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.2 Medium |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | ||||
| CVE-2021-22239 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
| An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | ||||
| CVE-2021-22238 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. | ||||
| CVE-2021-22237 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.6 Medium |
| Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 | ||||
| CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 Medium |
| Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | ||||
| CVE-2021-22234 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.6 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. | ||||
| CVE-2021-22233 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details | ||||
| CVE-2021-22232 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | ||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | ||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | ||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | ||||