VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2021-39883, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allow subgroup members to see epics from all parent subgroups.

  • CVE-2021-39874, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.

  • CVE-2021-39873, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.

  • CVE-2021-39871, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    In all versions of GitLab CE/EE since version 13.0, the instance setting that disables Bitbucket Server import can be bypassed by an attacker making a crafted API call.

  • CVE-2021-39868, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.

  • CVE-2021-22259, Med, Oct 4, 2021
    risk 0.28, cvss 4.3, epss 0.01

    A potential DoS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in the dependencies API.

  • CVE-2021-22247, Med, Aug 25, 2021
    risk 0.28, cvss 4.3, epss 0.01

    Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.

  • CVE-2021-22251, Med, Aug 23, 2021
    risk 0.28, cvss 4.3, epss 0.01

    Improper validation of invited users' email addresses in GitLab EE affecting all versions since 12.2 allowed projects to add members with an email address domain that should be blocked by group settings.

  • CVE-2021-22249, Med, Aug 23, 2021
    risk 0.28, cvss 4.3, epss 0.01

    A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group.

  • CVE-2021-22233, Med, Jul 7, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details.

  • CVE-2021-22208, Med, May 6, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.

  • CVE-2021-22198, Med, Apr 2, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.

  • CVE-2021-22177, Med, Apr 1, 2021
    risk 0.28, cvss 4.3, epss 0.01

    Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.

  • CVE-2021-22180, Med, Mar 26, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

  • CVE-2021-22172, Med, Mar 26, 2021
    risk 0.28, cvss 4.3, epss 0.01

    Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page.

  • CVE-2021-22169, Med, Mar 24, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.

  • CVE-2021-22176, Med, Mar 24, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.

  • CVE-2021-22187, Med, Mar 2, 2021
    risk 0.28, cvss 4.3, epss 0.01

    An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 13.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted.

  • CVE-2021-22168, Med, Jan 15, 2021
    risk 0.28, cvss 4.3, epss 0.01

    A regular expression denial of service issue has been discovered in the NuGet API affecting all versions of GitLab starting from version 12.8.

  • CVE-2020-26414, Med, Jan 15, 2021
    risk 0.28, cvss 4.3, epss 0.02

    An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
