PT-2021-22725 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.11.0 and later Description: The issue is related to missing authentication in GitLab CE/EE, which allows an attacker with access to a victim's session to disable two-factor authentication. Recommendations: For GitLab...

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

CVE-2021-22239

Removed by vendor...

CVE-2021-22239

CVE-2021-22239 affects GitLab CE/EE 14.0 and later, where an unauthorized user could insert metadata when creating a new issue. The connected advisories confirm the issue is an access-restriction bypass tied to issue creation, with multiple sources noting the need to upgrade to a patched release....

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

Sensormatic Electronics KT-1

1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...

CVE-2021-22247

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

CVE-2021-22247

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...

CVE-2021-22250

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVE-2021-22250

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...

Authorization

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

Cross site scripting

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

Authorization

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...

CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...