Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22209 1 Gitlab 1 Gitlab 2021-05-13 5.0 MEDIUM 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.
CVE-2021-22211 1 Gitlab 1 Gitlab 2021-05-13 3.5 LOW 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.
CVE-2021-22210 1 Gitlab 1 Gitlab 2021-05-13 5.0 MEDIUM 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.
CVE-2021-22206 1 Gitlab 1 Gitlab 2021-05-13 4.0 MEDIUM 4.9 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,
CVE-2021-22208 1 Gitlab 1 Gitlab 2021-05-13 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
CVE-2021-22187 1 Gitlab 1 Gitlab 2021-05-04 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted.
CVE-2020-13285 1 Gitlab 1 Gitlab 2021-05-03 3.5 LOW 5.4 MEDIUM
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
CVE-2021-22205 1 Gitlab 1 Gitlab 2021-04-30 6.5 MEDIUM 9.9 CRITICAL
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
CVE-2021-22199 1 Gitlab 1 Gitlab 2021-04-30 3.5 LOW 5.4 MEDIUM
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.
CVE-2021-22190 1 Gitlab 1 Gitlab 2021-04-20 4.0 MEDIUM 6.5 MEDIUM
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVE-2021-22200 1 Gitlab 1 Gitlab 2021-04-07 4.3 MEDIUM 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
CVE-2021-22202 1 Gitlab 1 Gitlab 2021-04-07 4.3 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVE-2021-22198 1 Gitlab 1 Gitlab 2021-04-07 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
CVE-2021-22203 1 Gitlab 1 Gitlab 2021-04-07 5.0 MEDIUM 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.
CVE-2021-22201 1 Gitlab 1 Gitlab 2021-04-07 4.0 MEDIUM 6.5 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
CVE-2021-22197 1 Gitlab 1 Gitlab 2021-04-07 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
CVE-2021-22196 1 Gitlab 1 Gitlab 2021-04-07 3.5 LOW 5.4 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
CVE-2021-22195 1 Gitlab 1 Gitlab-vscode-extension 2021-04-07 6.8 MEDIUM 7.8 HIGH
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system
CVE-2021-22177 1 Gitlab 1 Gitlab 2021-04-05 4.0 MEDIUM 4.3 MEDIUM
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
CVE-2021-22194 1 Gitlab 1 Gitlab 2021-03-30 2.1 LOW 4.4 MEDIUM
In all versions of GitLab starting from 13.7, marshalled session keys were being stored in Redis.