CVE-2021-39934
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...
CVE-2021-39919
Removed by vendor...
CVE-2021-39919
CVE-2021-39919 affects GitLab CE/EE: vulnerable in all versions before 14.3.6, all versions from 14.4 before 14.4.4, and all versions from 14.5 before 14.5.2. The reset password token and new user email token are logged, risking information disclosure. Remediation is to upgrade to fixed releases ...
CVE-2021-39915
CVE-2021-39915: GitLab CE/EE GraphQL API has improper access control that lets an attacker view the names of project access tokens on arbitrary projects. Affected: GitLab versions starting from 13.0 up to before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2. Remediation per sources is to upg...
CVE-2021-39933
Removed by vendor...
CVE-2021-39933
CVE-2021-39933 affects GitLab CE/EE: all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. An input handling regex (notes, comments, etc) is vulnerable to catastrophic backtracking, enabling a denial of se...
CVE-2021-39938
Removed by vendor...
CVE-2021-39938
CVE-2021-39938: A vulnerable regular expression in GitLab CE/EE allows DoS via specially crafted deploy slash commands. Affected versions: GitLab CE/EE 8.15 before 14.3.6; starting from 14.4 before 14.4.4; starting from 14.5 before 14.5.2. Remediation available by upgrading to patched releases (...
CVE-2021-39936
CVE-2021-39936 affects GitLab CE/EE: improper access control allows an attacker with a deploy token to access a project’s disabled wiki. Affected versions include 10.7–14.3.6, 14.4–14.4.3, and 14.5–14.5.1. The issue is caused by insufficient access checks on wiki access via deploy tokens. Public ...
CVE-2021-39931
GitLab CE/EE CVE-2021-39931 affects all versions from 8.11 up to 14.3.6, and 14.4 up to 14.4.4, and 14.5 up to 14.5.2. The flaw is a business-logic error that allowed an unauthorized project member to delete a protected branch. Impact described in the sources involves unauthorized deletion by low...
CVE-2021-39945
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project...
CVE-2021-39945
CVE-2021-39945 affects GitLab CE/EE API. A bug in access control allows an author of a Merge Request to approve the MR even after their project access is revoked, across GitLab versions: 9.4–14.3.6, 14.4–14.4.3, and 14.5–14.5.1. Root cause is improper access restriction in the Merge Request appro...
CVE-2021-39944
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege ...
CVE-2021-39944
CVE-2021-39944 affects GitLab CE/EE: multiple branches of affected versions, specifically 11.0–14.3.5, 14.4.0–14.4.3, and 14.5.0–14.5.1. The root cause is a permissions validation flaw that lets group members with a developer role elevate to maintainer on imported projects. Practical impact: priv...
CVE-2021-39940
Removed by vendor...
CVE-2021-39940
CVE-2021-39940 affects GitLab CE/EE and specifically the GitLab Maven Package registry. Versions 13.2–13.? (starting 13.2) up to but not including 14.3.6, 14.4 up to but not including 14.4.4, and 14.5 up to but not including 14.5.2 are vulnerable. The issue is a regular expression denial of servi...
CVE-2021-39910
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
CVE-2021-39910
GitLab CE/EE versions affected by CVE-2021-39910 are vulnerable to HTML Injection via the Swagger UI feature. Specifically, GitLab installations with: 12.6–14.3.5, 14.4.0–14.4.3, and 14.5.0–14.5.1 are impacted. The root cause is HTML injection through Swagger UI as described in the CVE, with impa...
Exploit for Code Injection in Gitlab
Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab R...
GitLab < 13.8.8, 13.9.x < 13.9.6, 13.10.x < 13.10.3 RCE Vulnerability - Active Check
GitLab is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...