GitLab
by GitLab Inc.
Source repositories
CVEs (1,214)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39883 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allow subgroup members to see epics from all parent subgroups. |
| CVE-2021-39874 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. |
| CVE-2021-39873 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. |
| CVE-2021-39871 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. |
| CVE-2021-39868 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. |
| CVE-2021-22259 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Oct 4, 2021 | A potential DoS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in the dependencies API. |
| CVE-2021-22247 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Aug 25, 2021 | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics. |
| CVE-2021-22251 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Aug 23, 2021 | Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with an email address domain that should be blocked by group settings. |
| CVE-2021-22249 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Aug 23, 2021 | A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group. |
| CVE-2021-22233 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Jul 7, 2021 | An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details. |
| CVE-2021-22208 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | May 6, 2021 | An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. An improper permission check could allow the change of the timestamp for issue creation or update. |
| CVE-2021-22198 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. |
| CVE-2021-22177 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Apr 1, 2021 | A potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike server resource utilization via a gitlab-shell command. |
| CVE-2021-22180 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Mar 26, 2021 | An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytics pages. |
| CVE-2021-22172 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Mar 26, 2021 | Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. |
| CVE-2021-22169 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Mar 24, 2021 | An issue was identified in GitLab EE 13.4 or later which leaked an internal IP address via error messages. |
| CVE-2021-22176 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Mar 24, 2021 | An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests. |
| CVE-2021-22187 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Mar 2, 2021 | An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 13.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted. |
| CVE-2021-22168 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.01 | | Jan 15, 2021 | A regular expression denial of service issue has been discovered in the NuGet API affecting all versions of GitLab starting from version 12.8. |
| CVE-2020-26414 | GitLab Inc. / GitLab | Med | 0.28 | 4.3 | 0.02 | | Jan 15, 2021 | An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time grow quadratically with the length of the malicious input string. |
Page 34 of 61