Gitlab

Gitlab

1257 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-22260

Exploit
  • EPSS 0.16%
  • Veröffentlicht 05.11.2021 00:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:48

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attack...

6.5

CVE-2021-39903

  • EPSS 0.25%
  • Veröffentlicht 04.11.2021 23:15:10
  • Zuletzt bearbeitet 21.11.2024 06:20:31

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted...

5

CVE-2021-39914

  • EPSS 0.18%
  • Veröffentlicht 04.11.2021 23:15:10
  • Zuletzt bearbeitet 21.11.2024 06:20:32

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user

4.3

CVE-2021-39902

  • EPSS 0.23%
  • Veröffentlicht 04.11.2021 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:20:30

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.

6.5

CVE-2021-22263

Exploit
  • EPSS 0.21%
  • Veröffentlicht 11.10.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:49

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Main...

6.5

CVE-2021-39880

  • EPSS 0.4%
  • Veröffentlicht 05.10.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:20:27

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker ...

4.9

CVE-2021-39891

  • EPSS 0.11%
  • Veröffentlicht 05.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:20:29

In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure.

5.3

CVE-2021-22257

  • EPSS 0.22%
  • Veröffentlicht 05.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:48

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with...

4.3

CVE-2021-22258

  • EPSS 0.27%
  • Veröffentlicht 05.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:48

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses

4.8

CVE-2021-22261

  • EPSS 0.2%
  • Veröffentlicht 05.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:48

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execut...