Total
40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39881 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 3.5 LOW |
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. | |||||
CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | |||||
CVE-2021-39901 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. | |||||
CVE-2021-39945 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked | |||||
CVE-2021-39879 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 3.5 LOW |
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication | |||||
CVE-2021-22215 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | |||||
CVE-2021-22218 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.6 LOW |
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. | |||||
CVE-2021-32823 | 2 Bindata Project, Gitlab | 2 Bindata, Gitlab | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. | |||||
CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | |||||
CVE-2021-22193 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 3.5 LOW |
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. | |||||
CVE-2020-13342 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | |||||
CVE-2020-13261 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | |||||
CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.9 MEDIUM | 3.5 LOW |
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | |||||
CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | |||||
CVE-2019-18458 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). | |||||
CVE-2019-9179 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). | |||||
CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | |||||
CVE-2019-7176 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | |||||
CVE-2019-9219 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). | |||||
CVE-2019-5461 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 3.5 LOW |
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. |