Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-13333
A potential DOS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
Gitlab Gitlab 13.3.0
Gitlab Gitlab 13.2.0
Gitlab Gitlab 13.1.0
5.4
CVSSv3
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
6.5
CVSSv3
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
4.3
CVSSv3
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5.3
CVSSv3
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
4.3
CVSSv3
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows subgroup members to see epics from all parent subgroups.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5.4
CVSSv3
CVE-2021-39885
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows an malicious user to execute arbitrary JavaScript code on the v...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.3
CVSSv3
CVE-2021-39892
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.5
CVSSv3
CVE-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to infor...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5.3
CVSSv3
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »