Filtered by vendor Gitlab
Subscribe
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22237 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 | |||||
| CVE-2021-22195 | 1 Gitlab | 1 Gitlab-vscode-extension | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | |||||
| CVE-2021-22246 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. | |||||
| CVE-2021-22250 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | |||||
| CVE-2021-22238 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. | |||||
| CVE-2021-22244 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | |||||
| CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | |||||
| CVE-2021-22234 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 6.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. | |||||
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | |||||
| CVE-2021-22190 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | |||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22201 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | |||||
| CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | |||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 8.6 HIGH |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | |||||
| CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | |||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. | |||||
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22220 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. | |||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | |||||