CVE-2021-20729

The CVE-2021-20729 entry concerns a Cross-site scripting (XSS) vulnerability in pfSense CE (versions <= 2.5.2) and pfSense Plus (versions

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier allows a remote attacker to inject an arbitrary script via a malicious URL...

CVE-2022-0371

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

Authentication flaw

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

CVE-2021-4191

The CVE-2021-4191 issue in GitLab CE/EE (affected versions: 13.0–14.6.5, 14.7–14.7.4, 14.8–14.8.2) enables user enumeration via the GraphQL API for unauthenticated users on privately signed-up instances. Root cause: missing authentication checks in specific GraphQL queries, allowing an attacker t...

CVE-2021-4191

Removed by vendor...

CVE-2021-39876

CVE-2021-39876 affects GitLab CE/EE starting from version 11.3, where the autocomplete endpoint for Assignee discloses members of private groups. The root cause is an information-disclosure flaw in the Assignee autocomplete functionality, enabling partial confidentiality breach. Impact stated in ...

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

CVE-2022-0488

GitLab CE/EE (versions starting with 8.10) is affected by CVE-2022-0488: a denial-of-service vulnerability where a crafted amount of block-quotes in Markdown can trigger a page timeout. The issue arises from mishandling a large number of block references, leading to an exploitable DoS condition. ...

CVE-2022-0488

Removed by vendor...

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

CVE-2022-0751

Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...