VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2023-1825 | Low | Jun 7, 2023
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.

  • CVE-2023-0508 | Low | Jun 7, 2023
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

  • CVE-2022-4376 | Low | May 3, 2023
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their…

  • CVE-2023-1071 | Low | Apr 5, 2023
    risk 0.20 | cvss 3.1 | epss 0.00

    An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue…

  • CVE-2022-3375 | Low | Apr 5, 2023
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when an attacker has a fork of a project…

  • CVE-2022-3706 | Low | Nov 10, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't…

  • CVE-2022-0167 | Low | Jul 1, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive…

  • CVE-2022-1999 | Low | Jul 1, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

  • CVE-2022-2227 | Low | Jul 1, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions.

  • CVE-2022-1189 | Low | Apr 4, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private…

  • CVE-2022-0740 | Low | Apr 4, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana…

  • CVE-2022-0344 | Low | Mar 28, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an…

  • CVE-2022-0249 | Low | Mar 28, 2022
    risk 0.20 | cvss 3.1 | epss 0.01

    A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

  • CVE-2021-39938 | Low | Dec 13, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via…

  • CVE-2021-39931 | Low | Dec 13, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a…

  • CVE-2021-39918 | Low | Dec 13, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.

  • CVE-2021-39890 | Low | Dec 6, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.

  • CVE-2021-39914 | Low | Nov 4, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user.

  • CVE-2021-22244 | Low | Aug 25, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data.

  • CVE-2021-22254 | Low | Aug 20, 2021
    risk 0.20 | cvss 3.1 | epss 0.01

    Under very specific conditions a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
