2483 matches found
CVE-2021-22234
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server...
CVE-2021-22234
CVE-2021-22234 affects GitLab CE/EE: all versions from 13.11 up to but not including 13.11.7, all 13.12 series before 13.12.8, and all 14.0 series before 14.0.4. The issue involves a specially crafted design image that allows attackers to read arbitrary files on the server. Root cause and vulnera...
CVE-2021-22241
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...
UBUNTU-CVE-2021-22241
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...
CVE-2021-22241
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...
CVE-2021-22241
GitLab CE/EE versions starting from 14.0 are affected by CVE-2021-22241, which enables stored cross-site scripting via a crafted default branch name. The Arch Linux advisory confirms the issue is fixed upstream in GitLab 14.1.2 (issue resolved in 14.1.2-1); other sources list affected ranges as 1...
CVE-2020-20741
Beckhoff CX9020 vulnerability (firmware CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6) enables authentication bypass via the CE Remote Display Tool because the Windows CE side does not close the incoming connection after incorrect credentials. This is a remote, network-exposed issue with potential for...
CVE-2021-22230
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2...
CVE-2021-22231
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username...
CVE-2021-22231
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username...
Denial of service
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username...
Design/Logic Flaw
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2...
CVE-2021-22230
CVE-2021-22230 affects GitLab CE/EE from v9.3 through v14.0.2, with the underlying issue: improper code rendering during merge-request rendering that enables submitting malicious code. The connected sources confirm this affects GitLab releases in the 13.x series (notably 13.11.6 and 13.12.6) and ...
CVE-2021-22231
CVE-2021-22231 describes a denial-of-service impacting GitLab CE/EE pages for user profiles, starting with GitLab CE/EE 8.0. The issue allows an attacker to create a specially crafted username to block access to a user’s profile page. Multiple connected sources confirm the vulnerability exists in...
CVE-2021-22231
Removed by vendor...
GitLab CE HTML Injection Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE...
CVE-2021-22223
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...
CVE-2021-22223
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...
Code injection
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...
CVE-2021-22223
GitLab CE/EE vulnerable to Client-Side code injection via feature flag names (CVE-2021-22223). Affected versions: 11.9 up to before 14.0.2. Root cause: crafted feature flag name allows PUT requests on behalf of other users when a link is clicked. Impact: an attacker could perform actions on behal...