17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-26296

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.0146
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 8:43 p.m. · 4 views

CVE-2021-39931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches du...

CVSS 4.3 · AI score 5.8 · EPSS 0.00858
Exploits 0 · References 1

Tenable Nessus
added 2024/01/03 12:0 a.m. · 22 views

GitLab 14.1.0 < 14.3.6 / 14.4.0 < 14.4.4 / 14.5.0 < 14.5.2 (CVE-2021-39943)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting...

CVSS 4.3 · AI score 5.2 · EPSS 0.00855
Exploits 0 · References 4

Tenable Nessus
added 2024/01/03 12:0 a.m. · 22 views

GitLab 13.2 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39940)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

CVSS 6.5 · AI score 6.4 · EPSS 0.0146
Exploits 0 · References 4

OpenVAS
added 2022/04/11 12:0 a.m. · 21 views

GitLab 14.1.x < 14.3.6, 14.4.x < 14.4.4, 14.5.x < 14.5.2 Authorization Logic Vulnerability

GitLab is prone to an authorization logic vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 4.3 · AI score 4.8 · EPSS 0.00855
Exploits 0 · References 1

Positive Technologies
added 2022/03/28 12:0 a.m. · 3 views

PT-2022-13253 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4.0 through 14.4.3 GitLab CE/EE versions 14.5.0 through 14.5.1 Description: An issue has been discovered in GitLab CE/EE that allows unprivileged users to add other users to group...

CVSS 6.5 · AI score 6.1 · EPSS 0.00906
Exploits 1 · References 11

UbuntuCve
added 2021/12/13 4:15 p.m. · 22 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3 · AI score 6.2 · EPSS 0.01134
Exploits 0 · References 1

Prion
added 2021/12/13 4:15 p.m. · 18 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input notes, comments, etc was susceptible to catastroph...

CVSS 4 · AI score 6.3 · EPSS 0.0142
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/12/13 4:15 p.m. · 0 views

UBUNTU-CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

CVSS 8.8 · AI score 7.2 · EPSS 0.00752
Exploits 0 · References 2

Prion
added 2021/12/13 4:15 p.m. · 10 views

Information disclosure

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

CVSS 2.1 · AI score 4.6 · EPSS 0.00292
Exploits 0 · References 2 · Affected Software 1

OSV
added 2021/12/13 4:15 p.m. · 1 views

UBUNTU-CVE-2021-39940

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a...

CVSS 6.5 · AI score 5.8 · EPSS 0.0146
Exploits 0 · References 2

Debian CVE
added 2021/12/13 3:48 p.m. · 16 views

CVE-2021-39939

Removed by vendor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00907
Exploits 0

Debian CVE
added 2021/12/13 3:47 p.m. · 21 views

CVE-2021-39934

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00906
Exploits 0

Positive Technologies
added 2021/12/13 12:0 a.m. · 3 views

PT-2021-22778 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: GitLab Runner versions 13.7 through 14.3.6 GitLab Runner versions 14.4 through 14.4.4 GitLab Runner versions 14.5 through 14.5.2 Description: An uncontrolled resource consumption issue in GitLab Runner allows an attacker to trigger a job with...

CVSS 6.5 · AI score 6.1 · EPSS 0.00907
Exploits 0 · References 10

Positive Technologies
added 2021/12/13 12:0 a.m. · 2 views

PT-2021-22776 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4 prior to 14.4.4 GitLab CE/EE versions 14.5 prior to 14.5.2 Description: A collision in access memoization logic leads to potential elevated privileges in groups and projects und...

CVSS 8.8 · AI score 8.6 · EPSS 0.00752
Exploits 0 · References 9

Positive Technologies
added 2021/12/13 12:0 a.m. · 3 views

PT-2021-22770 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.11 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: An issue has been discovered in GitLab CE/EE due to a business logic error, allowing an unauthorized...

CVSS 4.3 · AI score 4.1 · EPSS 0.00858
Exploits 0 · References 10

CNNVD
added 2021/12/07 12:0 a.m. · 3 views

GitLab Permissions, Privileges and Access Control Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A permissions, privileges and access control vulnerability exists in GitLab...

CVSS 8.8 · AI score 8 · EPSS 0.00752
Exploits 0 · References 6