CE/EE
by GitLab Inc.
Source repositories
CVEs (414)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22229 | | | 0.00 | — | 0.00 | | Jul 6, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through a project fork done by a project member. |
| CVE-2021-22181 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. |
| CVE-2021-22216 | | | 0.00 | — | 0.00 | | Jun 8, 2021 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description. |
| CVE-2021-22219 | | | 0.00 | — | 0.00 | | Jun 8, 2021 | All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was… |
| CVE-2021-22217 | | | 0.00 | — | 0.01 | | Jun 8, 2021 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request. |
| CVE-2021-22213 | | | 0.00 | — | 0.01 | | Jun 8, 2021 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari. |
| CVE-2021-22215 | | | 0.00 | — | 0.00 | | Jun 8, 2021 | An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects. |
| CVE-2021-22210 | | | 0.00 | — | 0.00 | | May 6, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through the API, GitLab was ignoring a query parameter and returning a considerable amount of results. |
| CVE-2021-22211 | | | 0.00 | — | 0.00 | | May 5, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user, resulting in possibly incorrect access handling. |
| CVE-2021-22202 | | | 0.00 | — | 0.00 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. |
| CVE-2021-22200 | | | 0.00 | — | 0.00 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. |
| CVE-2021-22197 | | | 0.00 | — | 0.00 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other. |
| CVE-2021-22198 | | | 0.00 | — | 0.00 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. |
| CVE-2021-22196 | | | 0.00 | — | 0.00 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge requests via a specifically crafted branch name. |
| CVE-2021-22177 | | | 0.00 | — | 0.00 | | Apr 1, 2021 | A potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via a gitlab-shell command. |
| CVE-2021-22169 | | | 0.00 | — | 0.00 | | Mar 24, 2021 | An issue was identified in GitLab EE 13.4 or later which leaked an internal IP address via error messages. |
| CVE-2021-22186 | | | 0.00 | — | 0.00 | | Mar 24, 2021 | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners. |
| CVE-2021-22192 | | | 0.00 | — | 0.81 | | Mar 24, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. |
| CVE-2021-22187 | | | 0.00 | — | 0.00 | | Mar 2, 2021 | An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 13.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted. |
| CVE-2020-26408 | | | 0.00 | — | 0.00 | | Dec 11, 2020 | A limited information disclosure vulnerability exists in GitLab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in a user's private profile. |