957 matches found
Cross site scripting
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...
Authorization
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
CVE-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
CVE-2021-22242
CVE-2021-22242 affects GitLab CE/EE versions 11.4 and later, due to insufficient input sanitization in Mermaid markdown, enabling stored cross-site scripting when processing crafted Markdown. The issue is consistently documented across NVD, OSV, and vendor/Tenable reports (GitLab CVE entry and OS...
CVE-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...
CVE-2021-22247
The CVE concerns GitLab CE/EE (all versions since 13.0) with improper authorization that allows guests in private projects to view CI/CD analytics. Multiple connected sources (e.g., Red Hat CVE page, OSV, NVD, and OSV Ubuntu/NASL references) corroborate the issue. The root cause details beyond “i...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
CVE-2021-22256
Removed by vendor...
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
PT-2021-6753 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later Description: The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for...
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
Type confusion
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
CVE-2021-22254
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9...
UBUNTU-CVE-2021-22241
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...
CVE-2021-22231
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username...
Denial of service
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username...