Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab 14.3.0 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by malicious users to exploit Server Side Request Forgery attacks.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4
CVSSv2
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows subgroup members to see epics from all parent subgroups.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4
CVSSv2
CVE-2021-39892
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
2.1
CVSSv2
CVE-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to infor...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
3.5
CVSSv2
CVE-2021-39885
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows an malicious user to execute arbitrary JavaScript code on the v...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4
CVSSv2
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge ...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
5
CVSSv2
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4
CVSSv2
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
7.5
CVSSv2
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
Gitlab Gitlab 14.3.1
5
CVSSv2
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
Gitlab Gitlab
Gitlab Gitlab 14.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started