Filtered by vendor Gitlab
Subscriptions
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22244 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 6.5 Medium |
| Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | ||||
| CVE-2021-22172 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 4.3 Medium |
| Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page | ||||
| CVE-2021-39914 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 4.3 Medium |
| A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user | ||||
| CVE-2021-39889 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 4.3 Medium |
| In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. | ||||
| CVE-2022-1162 | 1 Gitlab | 1 Gitlab | 2022-04-27 | 9.8 Critical |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | ||||
| CVE-2020-10955 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2022-04-22 | 6.5 Medium |
| GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | ||||
| CVE-2022-1157 | 1 Gitlab | 1 Gitlab | 2022-04-18 | 2.4 Low |
| Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged | ||||
| CVE-2022-0489 | 1 Gitlab | 1 Gitlab | 2022-04-13 | 5.7 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. | ||||
| CVE-2022-0425 | 1 Gitlab | 1 Gitlab | 2022-04-12 | 7.6 High |
| A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | ||||
| CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 6.5 Medium |
| Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | ||||
| CVE-2022-1121 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 5.3 Medium |
| A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | ||||
| CVE-2022-1189 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. | ||||
| CVE-2022-1188 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | ||||
| CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.3 Medium |
| Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | ||||
| CVE-2022-1100 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.3 Medium |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. | ||||
| CVE-2022-1099 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.3 Medium |
| Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab | ||||
| CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 5.4 Medium |
| Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | ||||
| CVE-2022-0738 | 1 Gitlab | 1 Gitlab | 2022-04-07 | 7.5 High |
| An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. | ||||
| CVE-2022-0751 | 1 Gitlab | 1 Gitlab | 2022-04-05 | 8.8 High |
| Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands | ||||
| CVE-2022-0344 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project | ||||