Total
988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13297 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. | |||||
| CVE-2020-6832 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. | |||||
| CVE-2020-13318 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. | |||||
| CVE-2020-13346 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | |||||
| CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 7.7 HIGH |
| A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos | |||||
| CVE-2020-13312 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | |||||
| CVE-2020-13274 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | |||||
| CVE-2019-9172 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5). | |||||
| CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | |||||
| CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | |||||
| CVE-2019-19309 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | |||||
| CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | |||||
| CVE-2020-13262 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | |||||
| CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2021-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | |||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 MEDIUM | 7.2 HIGH |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | |||||
| CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | |||||
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link | |||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.9 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | |||||