GitLab

1257 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.24%
  • Published 13.12.2021 16:15:09
  • Last modified 21.11.2024 06:20:37

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the M...

  • EPSS 0.3%
  • Published 13.12.2021 16:15:08
  • Last modified 21.11.2024 06:20:32

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Sw...

  • EPSS 0.27%
  • Published 13.12.2021 16:15:08
  • Last modified 21.11.2024 06:20:32

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of p...

  • EPSS 0.28%
  • Published 13.12.2021 16:15:08
  • Last modified 21.11.2024 06:20:33

Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4....

  • EPSS 0.39%
  • Published 13.12.2021 16:15:08
  • Last modified 21.11.2024 06:20:33

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features...

  • EPSS 0.23%
  • Published 13.12.2021 16:15:08
  • Last modified 21.11.2024 06:20:33

Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot ...

Exploit
  • EPSS 0.07%
  • Published 06.12.2021 18:15:08
  • Last modified 21.11.2024 05:49:38

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.

  • EPSS 0.06%
  • Published 06.12.2021 18:15:08
  • Last modified 21.11.2024 06:20:29

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.

  • EPSS 0.25%
  • Published 05.11.2021 00:15:11
  • Last modified 21.11.2024 06:20:31

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.

  • EPSS 0.05%
  • Published 05.11.2021 00:15:11
  • Last modified 21.11.2024 06:20:32

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker ...