Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv3
CVE-2022-3902
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
6.5
CVSSv3
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
4.3
CVSSv3
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Gitlab Gitlab 4.3.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5.3
CVSSv3
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Gitlab Gitlab
Gitlab Gitlab 4.3.0
5.4
CVSSv3
CVE-2021-39885
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows an malicious user to execute arbitrary JavaScript code on the v...
Gitlab Gitlab
Gitlab Gitlab 14.3.0
2.7
CVSSv3
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
4.3
CVSSv3
CVE-2021-39902
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Gitlab Gitlab
Gitlab Gitlab 14.4.0
4.3
CVSSv3
CVE-2021-39904
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 prior to 14.2.6, all versions starting from 14.3 prior to 14.3.4, and all versions starting from 14.4 prior to 14.4.1 allows a Merge Request creator to resolve discussio...
Gitlab Gitlab
Gitlab Gitlab 14.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
8
9
10
NEXT »