VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2020-26416 | Medium | Dec 11, 2020
    risk 0.26 | cvss 4.0 | epss 0.00

    Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

  • CVE-2020-13336 | Medium | Sep 30, 2020
    risk 0.26 | cvss 4.0 | epss 0.01

    An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature.

  • CVE-2023-3363 | Low | Jul 13, 2023
    risk 0.25 | cvss 3.9 | epss 0.00

    An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

  • CVE-2021-39896 | Low | Oct 4, 2021
    risk 0.25 | cvss 3.8 | epss 0.01

    In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

  • CVE-2020-13307 | Low | Sep 15, 2020
    risk 0.25 | cvss 3.8 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.

  • CVE-2020-13304 | Low | Sep 14, 2020
    risk 0.25 | cvss 3.8 | epss 0.02

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions.

  • CVE-2020-13302 | Low | Sep 14, 2020
    risk 0.25 | cvss 3.8 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.

  • CVE-2020-13297 | Low | Sep 14, 2020
    risk 0.25 | cvss 3.8 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.

  • CVE-2026-6976 | Low | Jun 11, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request…

  • CVE-2023-5831 | Low | Nov 6, 2023
    risk 0.24 | cvss 3.7 | epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected…

  • CVE-2023-0450 | Low | Apr 5, 2023
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

  • CVE-2022-3031 | Low | Oct 17, 2022
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted…

  • CVE-2022-1188 | Low | Apr 4, 2022
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.

  • CVE-2021-39941 | Low | Dec 13, 2021
    risk 0.24 | cvss 3.7 | epss 0.01

    An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members.

  • CVE-2021-39898 | Low | Nov 5, 2021
    risk 0.24 | cvss 3.7 | epss 0.01

    In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.

  • CVE-2020-13315 | Low | Sep 14, 2020
    risk 0.24 | cvss 3.7 | epss 0.02

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.

  • CVE-2020-13306 | Low | Sep 14, 2020
    risk 0.24 | cvss 3.7 | epss 0.02

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limiting.

  • CVE-2020-13314 | Low | Sep 14, 2020
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.

  • CVE-2019-9219 | Low | Apr 17, 2019
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).

  • CVE-2019-9179 | Low | Apr 17, 2019
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).

Page 37 of 61