Vulmon
gitlab gitlab vulnerabilities and exploits
578
VMScore
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows a malicious user to trigger Server Side Request Forgery (SSRF) attacks.
Gitlab Gitlab
578
VMScore
CVE-2021-39937
A collision in access memoization logic in all versions of GitLab CE/EE prior to 14.3.6, all versions starting from 14.4 prior to 14.4.4, and all versions starting from 14.5 prior to 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
Gitlab Gitlab
578
VMScore
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
Gitlab Gitlab
578
VMScore
CVE-2021-22230
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later up to and including 13.11.6, 13.12.6, and 14.0.2.
Gitlab Gitlab
578
VMScore
CVE-2021-22189
Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
Gitlab Gitlab
578
VMScore
CVE-2020-13321
A vulnerability exists in GitLab versions before 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added.
Gitlab Gitlab
578
VMScore
CVE-2020-13322
A vulnerability exists in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.
Gitlab Gitlab
578
VMScore
CVE-2020-13302
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
Gitlab Gitlab
578
VMScore
CVE-2020-13304
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. The same 2-factor authentication secret code was generated, which allowed a malicious user to maintain access under certain conditions.
Gitlab Gitlab
578
VMScore
CVE-2020-13309
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
Gitlab Gitlab