Filtered by vendor Gitlab
Subscriptions
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10073 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
| GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | ||||
| CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
| A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | ||||
| CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | ||||
| CVE-2020-13279 | 1 Gitlab | 1 Gitlab-vscode-extension | 2021-07-21 | 8.6 High |
| Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | ||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
| User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | ||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | ||||
| CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 8.1 High |
| A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | ||||
| CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2021-07-10 | 6.1 Medium |
| A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | ||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 7.2 High |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | ||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 Medium |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | ||||
| CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 Medium |
| A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | ||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 5.4 Medium |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | ||||
| CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.1 Medium |
| Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link | ||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 Medium |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | ||||
| CVE-2021-22232 | 1 Gitlab | 1 Gitlab | 2021-07-08 | 5.4 Medium |
| HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | ||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2021-07-08 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | ||||
| CVE-2021-22181 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 6.5 Medium |
| A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. | ||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 9.8 Critical |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | ||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2021-06-16 | 8.6 High |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | ||||
| CVE-2021-22221 | 1 Gitlab | 1 Gitlab | 2021-06-15 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired | ||||