Total
968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | |||||
| CVE-2021-22190 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | |||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22201 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | |||||
| CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | |||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 8.6 HIGH |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | |||||
| CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | |||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. | |||||
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22220 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. | |||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | |||||
| CVE-2021-22254 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
| Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9. | |||||
| CVE-2021-22213 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | |||||
| CVE-2021-22172 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page | |||||
| CVE-2021-22177 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | |||||
| CVE-2021-22208 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. | |||||
| CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | |||||
| CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | |||||
| CVE-2021-22180 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. | |||||