
3121 matches found

OSV
added 2021/07/07 12:15 p.m. · 1 view

UBUNTU-CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...

7.1 CVSS · 5.7 AI score · 0.00893 EPSS
Exploits 0 · References 5
Debian CVE
added 2021/07/07 11:26 a.m. · 29 views

CVE-2021-22224

Removed by vendor...

7.1 CVSS · 6.8 AI score · 0.00893 EPSS
Exploits 0
Cvelist
added 2021/07/07 11:26 a.m. · 18 views

CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...

7.1 CVSS · 6.8 AI score · 0.00893 EPSS
Exploits 0 · References 3
CVE
added 2021/07/07 11:26 a.m. · 66 views

CVE-2021-22224

CVE-2021-22224 concerns a cross-site request forgery in GitLab’s GraphQL API. The provided materials specify that since version 13.12 and before versions 13.12.6 and 14.0.2, an attacker could “call mutations as the victim,” implying CSRF on authenticated users. The connected documents confirm aff...

7.1 CVSS · 6.2 AI score · 0.00893 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/07/07 12:0 a.m. · 13 views

GitLab Access Control Error Vulnerability (CNVD-2021-49038)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab. An attacker can exploit this vulnerability ...

6.5 CVSS · 6.4 AI score · 0.0135 EPSS
Exploits 1 · References 1
CNVD
added 2021/07/07 12:0 a.m. · 10 views

GitLab Cross-Site Request Forgery Vulnerability (CNVD-2021-49073)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site request forgery vulnerability exists in Gitl...

7.1 CVSS · 6.8 AI score · 0.00893 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/07/07 12:0 a.m. · 3 views

PT-2021-6757 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 13.12.5; GitLab versions 14.0.0 through 14.0.1. Description: A cross-site request forgery issue in the GraphQL API allows an attacker to call mutations as the victim. The vulnerability is related to the lack of...

7.1 CVSS · 6.4 AI score · 0.00893 EPSS
Exploits 0 · References 13
NVD
added 2021/07/06 10:15 p.m. · 16 views

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

6.5 CVSS · 0.0135 EPSS
Exploits 1 · References 3
OSV
added 2021/07/06 10:15 p.m. · 17 views

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

6.5 CVSS · 6.4 AI score · 0.0135 EPSS
Exploits 1 · References 3
UbuntuCve
added 2021/07/06 10:15 p.m. · 31 views

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

6.5 CVSS · 6.5 AI score · 0.0135 EPSS
Exploits 1 · References 4
Prion
added 2021/07/06 10:15 p.m. · 18 views

Improper access control

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

4 CVSS · 6.3 AI score · 0.0135 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2021/07/06 10:15 p.m. · 1 view

UBUNTU-CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

6.5 CVSS · 5.7 AI score · 0.0135 EPSS
Exploits 1 · References 5
CVE
added 2021/07/06 9:34 p.m. · 90 views

CVE-2021-22228

Summary of CVE-2021-22228: GitLab versions affected are all before 13.11.6, all 13.12 before 13.12.6, and all 14.0 before 14.0.2. The issue is an improper access control that allows unauthorised users to access project details via GraphQL. The connected documents confirm the vulnerability’s exis...

6.5 CVSS · 6.2 AI score · 0.0135 EPSS
Exploits 1 · References 3 · Affected Software 1
Debian CVE
added 2021/07/06 9:34 p.m. · 20 views

CVE-2021-22228

Removed by vendor...

6.5 CVSS · 6.6 AI score · 0.0135 EPSS
Exploits 1
Cvelist
added 2021/07/06 9:34 p.m. · 23 views

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

6.5 CVSS · 6.5 AI score · 0.0135 EPSS
Exploits 1 · References 3
CNNVD
added 2021/07/06 12:0 a.m. · 8 views

GitLab Cross-Site Request Forgery Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site request forgery vulnerability exists in Gitl...

7.1 CVSS · 5.8 AI score · 0.00893 EPSS
Exploits 0 · References 5
CNNVD
added 2021/07/06 12:0 a.m. · 17 views

GitLab Security Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab. An attacker can exploit this vulnerability ...

6.5 CVSS · 5.7 AI score · 0.0135 EPSS
Exploits 1 · References 5
Positive Technologies
added 2021/07/06 12:0 a.m. · 3 views

PT-2021-6759 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.11.6; GitLab versions 13.12 through 13.12.5; GitLab versions 14.0 through 14.0.1. Description: An issue has been discovered in GitLab related to improper access control when using GraphQL, allowing unauthorized users ...

6.8 CVSS · 6.3 AI score · 0.0135 EPSS
Exploits 1 · References 16
Tenable Nessus
added 2021/07/06 12:0 a.m. · 10 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)

Gitlab reports: DoS using Webhook connections; CSRF on GraphQL API allows executing mutations through GET requests; Private projects information disclosure; Denial of service of user profile page; Single sign-on users not getting blocked; Some users can push to Protected Branch with Deploy keys; A...

6.3 AI score
Exploits 0 · References 2
CNVD
added 2021/07/05 12:0 a.m. · 16 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2022-23498)

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in GitLab, which stems from a CSRF on the...

6.1 CVSS · 1.5 AI score · 0.00949 EPSS
Exploits 0 · References 1