CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
CVE-2021-22242
CVE-2021-22242 affects GitLab CE/EE versions 11.4 and later, due to insufficient input sanitization in Mermaid markdown, enabling stored cross-site scripting when processing crafted Markdown. The issue is consistently documented across NVD, OSV, and vendor/Tenable reports (GitLab CVE entry and OS...
CVE-2021-22243
GitLab CVE-2021-22243 affects GitLab CE/EE versions starting 7.10, where under specialized conditions an invite URL intended for a different email address can be used by an existing GitLab user to gain access to a group. The connected Red Hat and OSV entries corroborate the basic description; how...
CVE-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...
CVE-2021-22247
The CVE concerns GitLab CE/EE (all versions since 13.0) with improper authorization that allows guests in private projects to view CI/CD analytics. Multiple connected sources (e.g., Red Hat CVE page, OSV, NVD, and OSV Ubuntu/NASL references) corroborate the issue. The root cause details beyond “i...
CVE-2021-22247
Removed by vendor...
CVE-2021-22245
CVE-2021-22245 affects GitLab CE/EE (all versions) due to improper validation of the commit author. The flaw allows an attacker to make several pages in a project impossible to view. Documents consistently describe the issue but do not provide specific exploit vectors, affected exact versions, or...
CVE-2021-22256
CVE-2021-22256 concerns GitLab CE/EE: improper authorization allowed guest users to create issues for Sentry errors and track status, affecting all versions since 12.6. Public records from Red Hat, OSV, NVD and related feeds confirm the issue exists in GitLab CE/EE and has concrete exploitation c...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
CVE-2021-22256
Removed by vendor...
CVE-2021-22250
CVE-2021-22250: Improper authorization in GitLab CE/EE affecting all versions since 13.3 allows users to view and delete impersonation tokens created for their account. The data provided does not specify concrete exploit vectors, affected components beyond the impersonation token mechanism, or re...
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
PT-2021-6753 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later
Description: The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for...
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
Type confusion
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
CVE-2021-22248
CVE-2021-22248 affects GitLab CE/EE (all versions since 13.12). The vulnerability is an improper authorization on the pipelines page, allowing unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only. The issue is described ...
CVE-2021-22254
GitLab CVE-2021-22254 affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7, and 13.12.9. Under very specific conditions, a user could be impersonated via GitLab shell. The connected documents provide the same vulnerability description and affected version ranges but do not specify a root ca...
CVE-2021-22254
Under very specific conditions, a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9...