Total: 213 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-0244 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
CVE-2021-39893 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
CVE-2021-22170 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content
CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.
CVE-2021-22200 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH | Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 8.6 HIGH | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.
CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 7.6 HIGH | The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVE-2021-22167 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 7.7 HIGH | A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos
CVE-2020-13296 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 8.8 HIGH | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens
CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
CVE-2020-13325 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH | A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.
CVE-2021-22166 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2020-13322 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH | A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.
CVE-2020-26405 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH | Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVE-2020-13356 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVE-2020-13334 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query