2483 matches found
CVE-2021-22197
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...
Cross site scripting
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site scripting vulnerability in merge requests via a specially crafted branch name...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...
CVE-2021-22202
CVE-2021-22202 affects GitLab CE/EE (all prior versions) where an admin can be CSRF-ed via the API to System hooks. The issue is described across multiple sources (GitLab CVE entries, Red Hat/RH, OSV, Nessus notes, etc.) with the core flaw being CSRF in System hooks through the API when the victi...
CVE-2021-22198
CVE-2021-22198 affects GitLab CE/EE, from version 13.8 and above. The issue allows an authenticated user to delete incident metric images of public projects. The connected documents confirm the affected product and the exact action; they do not provide root cause details or explicit remediation s...
CVE-2021-22201
GitLab CE/EE CVE-2021-22201 affects all versions from 13.9. A crafted import file could read files on the server (arbitrary file read) during project import/export. Public details in the sources indicate affected ranges such as 13.9.x before 13.9.5 and 13.10.x before 13.10.1; remediation mentione...
CVE-2021-22203
CVE-2021-22203 affects GitLab CE/EE; a specially crafted Wiki page could read arbitrary files on the server. Affected versions: 13.7.9–13.8.6, 13.9.x before 13.9.5, and 13.10.x before 13.10.1. Remediation: upgrade to patched releases (e.g., 13.8.7, 13.9.5, 13.10.1 or newer). Root cause: Wiki hand...
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...
CVE-2021-22203
Removed by vendor...
CVE-2021-22196
CVE-2021-22196 affects GitLab CE/EE starting from version 13.4 and later. The issue is a stored cross-site scripting vulnerability exploited via a specially crafted branch name in merge requests. Exploitation details and impact are described in the linked sources; remediation information (patch v...
CVE-2021-22196
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site scripting vulnerability in merge requests via a specially crafted branch name...
PT-2021-14907 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 and later
Description: An issue has been discovered in GitLab CE/EE, where it was possible to exploit a stored cross-site scripting vulnerability in merge requests via a specially crafted branch name.
Recommendations: For GitLa...
CVE-2021-22177
A potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike server resource utilization via a gitlab-shell command...
CVE-2021-22177
Summary of CVE-2021-22177 (GitLab/gitlab-shell DoS) Affected software: GitLab Community Edition and Enterprise Edition (GitLab CE/EE) with gitlab-shell, version 12.6.0 or newer. Root cause and vulnerability: A potential DoS vulnerability in gitlab-shell allows an attacker to spike server resource...
CVE-2021-22177
Removed by vendor...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities potentially allow a remote, unauthenticated attacker to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site...
GitLab CE/EE Code Injection Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A code...
CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server...