957 matches found
Denial of service
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...
CVE-2021-39891
In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure...
CVE-2021-39880
CVE-2021-39880 affects the apollo_upload_server middleware in GitLab CE/EE (Ruby gem) across all affected GitLab releases: 11.9–14.0.8, 14.1.0–14.1.3, and 14.2.0–14.2.1. The issue allows a Denial of Service via specially crafted requests, denying access to all users. Upstream fixes exist in the c...
CVE-2021-39880
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...
CVE-2021-39870
Removed by vendor...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project...
CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks...
Improper access control
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
CVE-2021-39872
CVE-2021-39872 affects GitLab CE/EE (all versions since 14.1) and stems from an improper access-control flaw that allows users with expired passwords to access GitLab via git and API tokens that were acquired before expiration. The vulnerability is described as enabling access through existing to...
CVE-2021-39869
Removed by vendor...
CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery SSRF attacks...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39887
Removed by vendor...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
PT-2021-22719 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 and later Description: An improper access control issue allows users with expired passwords to continue accessing GitLab through git and API endpoints, such as "/api/v1/login", using access tokens acquired before...