Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
445
VMScore
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
312
VMScore
CVE-2021-39885
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows an malicious user to execute arbitrary JavaScript code on the v...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
356
VMScore
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge ...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
356
VMScore
CVE-2021-39892
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
445
VMScore
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
356
VMScore
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
356
VMScore
CVE-2021-39902
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
312
VMScore
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows an malicious user to bypass CODEOWNE...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
445
VMScore
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
Gitlab Gitlab
Gitlab Gitlab 14.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29824
CVE-2024-30095
CVE-2024-30104
client side
CVE-2024-5840
CVE-2024-34405
unprivileged
wireless
CVE-2024-4577
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »