PT-2021-22717 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.11 and later Description: The issue allows an attacker to bypass the setting to disable Repo by URL import by making a crafted API call. This affects instances of GitLab CE/EE where this setting is enabled...

CVE-2021-39899

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account...

CVE-2021-39874

In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands...

CVE-2021-39899

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account...

CVE-2021-39879

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication...

CVE-2021-39899

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account...

PT-2021-22725 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.11.0 and later Description: The issue is related to missing authentication in GitLab CE/EE, which allows an attacker with access to a victim's session to disable two-factor authentication. Recommendations: For GitLab...

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

CVE-2021-22239

Removed by vendor...

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

CVE-2021-22247

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...

CVE-2021-22250

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVE-2021-22250

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...

Authorization

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...