Vulmon
gitlab gitlab vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
Gitlab Gitlab
8.8
CVSSv3
CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
Gitlab Gitlab
2 Github repositories
8.8
CVSSv3
CVE-2020-13343
An issue has been discovered in GitLab affecting all versions starting from 11.2: unauthorized users can view custom project templates.
Gitlab Gitlab
8.8
CVSSv3
CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6: improper access control for deploy tokens.
Gitlab Gitlab
8.8
CVSSv3
CVE-2020-13309
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
Gitlab Gitlab
8.8
CVSSv3
CVE-2020-13295
For GitLab Runner prior to 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Gitlab Runner
8.8
CVSSv3
CVE-2020-2228
Jenkins Gitlab Authentication Plugin 1.5 and previous versions does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
Jenkins Gitlab Authentication
8.8
CVSSv3
CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later up to and including 13.0.1 that could allow unauthorized users to impersonate a maintainer to perform limited actions.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.8
CVSSv3
CVE-2020-13272
Missing verification checks in the OAuth flow in GitLab CE/EE 12.3 and later, up to and including 13.0.1, allow an unverified user to use the OAuth authorization code flow.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
8.8
CVSSv3
CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later up to and including 13.0.1 allows guest users to create a fork relation on restricted public projects via API
Gitlab Gitlab