Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab 14.4.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-39908
In all versions of GitLab CE/EE starting from 0.8.0 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39930
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an malicious user to access a user's custom project and group templates
Gitlab Gitlab
4
CVSSv2
CVE-2021-39904
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows a Merge Request creator to resolve discussio...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
3.5
CVSSv2
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an malicious user to bypass CODEOWNE...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook d...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
7.2
CVSSv2
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an attacker with local file system access to obtain system ...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
5
CVSSv2
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39902
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4
CVSSv2
CVE-2021-39903
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started