CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2021/12/13 4:15 p.m.•18 views

CVE-2021-39932

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...

4.3CVSS6.9AI score0.0086EPSS

OSV•added 2021/12/13 4:15 p.m.•15 views

CVE-2021-39931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches du...

4.3CVSS6.7AI score0.00858EPSS

NVD•added 2021/12/13 4:15 p.m.•13 views

CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

4.4CVSS0.00292EPSS

NVD•added 2021/12/13 4:15 p.m.•16 views

CVE-2021-39931

4.3CVSS0.00858EPSS

NVD•added 2021/12/13 4:15 p.m.•10 views

CVE-2021-39933

6.5CVSS0.0142EPSS

NVD•added 2021/12/13 4:15 p.m.•19 views

CVE-2021-39934

Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...

4.3CVSS0.00906EPSS

NVD•added 2021/12/13 4:15 p.m.•14 views

CVE-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

6.5CVSS0.00892EPSS

NVD•added 2021/12/13 4:15 p.m.•11 views

CVE-2021-39932

4.3CVSS0.0086EPSS

OSV•added 2021/12/13 4:15 p.m.•20 views

CVE-2021-39940

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a...

6.5CVSS6.7AI score0.0146EPSS

OSV•added 2021/12/13 4:15 p.m.•21 views

CVE-2021-39944

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege ...

7.1CVSS6.3AI score0.00916EPSS

OSV•added 2021/12/13 4:15 p.m.•19 views

CVE-2021-39945

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project...

2.7CVSS6.4AI score0.00908EPSS

NVD•added 2021/12/13 4:15 p.m.•14 views

CVE-2021-39917

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking...

6.5CVSS0.01328EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•18 views

CVE-2021-39945

4CVSS5.9AI score0.00908EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•19 views

CVE-2021-39917

6.5CVSS6.5AI score0.01328EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•19 views

CVE-2021-39932

4.3CVSS5.8AI score0.0086EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•22 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

5.3CVSS6.2AI score0.01134EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•14 views

CVE-2021-39936

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki...

4.3CVSS5.9AI score0.01025EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•17 views

CVE-2021-39933

6.5CVSS6.5AI score0.0142EPSS

UbuntuCve•added 2021/12/13 4:15 p.m.•18 views

CVE-2021-39931

4.3CVSS5.8AI score0.00858EPSS