2483 matches found
CVE-2021-22217
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request...
CVE-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...
Information disclosure
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly...
CVE-2021-22219
CVE-2021-22219 – GitLab information disclosure: GitLab CE/EE versions affected are 9.5–13.12.1 (with specific end versions: before 13.10.5, before 13.11.5, and before 13.12.2). The issue allows a high-privilege user to obtain sensitive information from log files because sensitive data was not pr...
CVE-2021-22217
GitLab CE/EE is affected by a denial-of-service vulnerability (CVE-2021-22217) in all versions before 13.12.2, 13.11.5, or 13.10.5. An attacker can trigger uncontrolled resource consumption by submitting a specially crafted issue or merge request, leading to high CPU/disk/resource usage on vulner...
CVE-2021-22218
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...
CVE-2021-22214
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited...
CVE-2021-22218
GitLab CE/EE versions affected by CVE-2021-22218 include 12.8 before 13.10.5, all 13.11 versions before 13.11.5, and all 13.12 versions before 13.12.2, due to an issue in handling x509 certificates that could be used to spoof the author of signed commits. The root cause is improper x509 handling ...
CVE-2021-22214
Removed by vendor...
CVE-2021-22214
GitLab CE/EE 10.5+ is affected by a server-side request forgery when requests to the internal network for webhooks are enabled. The SSRF can be exploited by an unauthenticated attacker on instances with limited registration. The issue spans multiple CVEs and has been addressed in patches across s...
Juniper Junos DoS (JSA11148)
The version of Junos OS installed on the remote host is affected by a denial of service vulnerability as referenced in the JSA11148 advisory. On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB)...
CVE-2021-22210
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...
CVE-2021-22209
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results...
CVE-2021-22209
GitLab CE/EE (versions 13.8 and later) contains CVE-2021-22209, where GraphQL mutations could be executed due to insufficient authorization token validation. This allowed unauthorized GraphQL mutations on affected instances. Remediation and fixes have been released in GitLab updates: 13.11.2, 13....
CVE-2021-22209
Removed by vendor...