GitLab

1271 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.29%
  • Published 05.11.2021 00:15:10
  • Last modified 21.11.2024 06:20:30

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.

Exploit
  • EPSS 0.12%
  • Published 05.11.2021 00:15:10
  • Last modified 21.11.2024 06:20:31

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request crea...

  • EPSS 0.3%
  • Published 05.11.2021 00:15:10
  • Last modified 21.11.2024 06:20:31

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.

  • EPSS 1.18%
  • Published 05.11.2021 00:15:10
  • Last modified 21.11.2024 06:20:31

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.

Exploit
  • EPSS 0.16%
  • Published 05.11.2021 00:15:08
  • Last modified 21.11.2024 05:49:48

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attack...

  • EPSS 0.25%
  • Published 04.11.2021 23:15:10
  • Last modified 21.11.2024 06:20:31

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted...

  • EPSS 0.18%
  • Published 04.11.2021 23:15:10
  • Last modified 21.11.2024 06:20:32

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user.

  • EPSS 0.23%
  • Published 04.11.2021 23:15:07
  • Last modified 21.11.2024 06:20:30

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.

Exploit
  • EPSS 0.21%
  • Published 11.10.2021 17:15:07
  • Last modified 21.11.2024 05:49:49

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Main...

  • EPSS 0.4%
  • Published 05.10.2021 15:15:07
  • Last modified 21.11.2024 06:20:27

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker ...