Filtered by vendor Gitlab
Total: 981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13349 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. | |||||
| CVE-2020-26409 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in markdown fields. | |||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A user is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1. | |||||
| CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | |||||
| CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2021-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it. | |||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 MEDIUM | 7.2 HIGH |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A denial of service in the user profile page, present starting with GitLab CE/EE 8.0, allows an attacker to deny access to their profile page by using a specially crafted username. | |||||
| CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim. | |||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially crafted markdown. | |||||
| CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Client-side code injection through the Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to make PUT requests on behalf of other users when they click on a link. | |||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.9 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9. | |||||
| CVE-2021-22232 | 1 Gitlab | 1 Gitlab | 2021-07-08 | 3.5 LOW | 5.4 MEDIUM |
| HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE. | |||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2021-07-08 | 4.3 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through a project fork done by a project member. | |||||
| CVE-2021-22181 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. | |||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker even on a GitLab instance where registration is disabled. | |||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2021-06-16 | 4.3 MEDIUM | 8.6 HIGH |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker even on a GitLab instance where registration is limited. | |||||
| CVE-2021-22221 | 1 Gitlab | 1 Gitlab | 2021-06-15 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password has expired. | |||||
| CVE-2021-22216 | 1 Gitlab | 1 Gitlab | 2021-06-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description. | |||||
| CVE-2021-22209 | 1 Gitlab | 1 Gitlab | 2021-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens, which resulted in a GraphQL mutation being executed. | |||||
| CVE-2021-22211 | 1 Gitlab | 1 Gitlab | 2021-05-13 | 3.5 LOW | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. | |||||
