GitLab 日志信息泄露漏洞

GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. GitLab Community Edition is vulnerable to an information leak that could be exploited by an attacker with local filesystem access to gain root-level privileges...

GitLab 资源管理错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to a resource management error that could be exploited to cause memory exhaustion using a misformatted TIFF image...

GitLab EE 数据伪造问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab EE is vulnerable to a data forgery issue, which can be exploited by...

GitLab CE/EE 访问控制错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which could be...

GitLab 安全漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

GitLab 授权问题漏洞

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An authorization issue vulnerability exists in GitLab CE/EE, which can be...

GitLab 访问控制错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

GitLab 输入验证错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an input validation error that could be exploited to set a pipeline plan to be active in a project export, so that an owner could import t...

GitLab 输入验证错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to input validation errors, which can be exploited to cause high CPU usage...

PT-2021-14924 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.0 through 14.0.8 GitLab versions 14.1 through 14.1.3 GitLab versions 14.2 through 14.2.1 Description: An issue has been discovered in GitLab where a user account with 'external' status, granted the 'Maintainer' role on any...

UBUNTU-CVE-2021-22262

Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect...

UBUNTU-CVE-2021-39891

In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure...

UBUNTU-CVE-2021-22258

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses...

UBUNTU-CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

UBUNTU-CVE-2021-39882

In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user...

UBUNTU-CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

UBUNTU-CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

UBUNTU-CVE-2021-39869

In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project...

UBUNTU-CVE-2021-39867

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery SSRF attacks...

UBUNTU-CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...