PT-2021-22780 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.2 through 14.3.6 GitLab CE/EE versions 14.4 through 14.4.4 GitLab CE/EE versions 14.5 through 14.5.2 Description: An issue has been discovered in GitLab CE/EE where the GitLab Maven Package registry is vulnerable to a...

PT-2021-22772 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.10 through 14.3.6 GitLab CE/EE versions 14.4 through 14.4.4 GitLab CE/EE versions 14.5 through 14.5.2 Description: A regular expression used for handling user input, such as notes and comments, was susceptible to...

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab CE/EE. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges Gitlab has made updates available to address the...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from versions fro...

GitLab 访问控制错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to an access control error that stems from the...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from versions fro...

GitLab 信息泄露漏洞

GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An information disclosure vulnerability exists in GitLab Community Edition,...

GitLab 访问控制错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An access control error vulnerability exists in GitLab Community Edition, whic...

GitLab 授权问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab Community Edition, where...

GitLab 授权问题漏洞

GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab Community Edition,...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to insufficient validation of input data, allows a hacker to execute arbitrary commands.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient validation of input data during syntax analysis of image files. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVE-2021-39897

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred...

UBUNTU-CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

UBUNTU-CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to system data GitLab categorize...

UBUNTU-CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

UBUNTU-CVE-2021-39902

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident...

PT-2021-22754 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 and later Description: A potential DOS issue was discovered in GitLab CE/EE. The stripping of EXIF data from certain images resulted in high CPU usage. Recommendations: For GitLab CE/EE versions 13.7 and later,...

PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...