VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2021-39943 | Med | Feb 9, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via…

  • CVE-2022-0125 | Med | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to…

  • CVE-2022-0124 | Med | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab's Slack integration incorrectly validates user input, allowing crafted malicious URLs to be sent to Slack.

  • CVE-2021-39942 | Med | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package…

  • CVE-2021-39892 | Med | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.

  • CVE-2021-39940 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of…

  • CVE-2021-39934 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2.

  • CVE-2021-39933 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was…

  • CVE-2021-39932 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for…

  • CVE-2021-39930 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates.

  • CVE-2021-39917 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to…

  • CVE-2021-39916 | Med | Dec 13, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from…

  • CVE-2021-39905 | Med | Nov 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.

  • CVE-2021-39904 | Med | Nov 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions…

  • CVE-2021-39902 | Med | Nov 4, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.

  • CVE-2021-39889 | Med | Oct 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

  • CVE-2021-39870 | Med | Oct 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    In all versions of GitLab CE/EE since version 11.11, when an instance has the setting that disables "Repo by URL" import enabled, that restriction can be bypassed by an attacker making a crafted API call.

  • CVE-2021-22258 | Med | Oct 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses.

  • CVE-2021-39888 | Med | Oct 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge…

  • CVE-2021-39884 | Med | Oct 5, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    In all versions of GitLab EE since version 8.13, an endpoint discloses the names of private groups that have access to a project to low-privileged users who are members of that project.

Page 33 of 61