957 matches found
CVE-2021-22231
CVE-2021-22231 describes a denial-of-service impacting GitLab CE/EE pages for user profiles, starting with GitLab CE/EE 8.0. The issue allows an attacker to create a specially crafted username to block access to a user’s profile page. Multiple connected sources confirm the vulnerability exists in...
GitLab CE HTML Injection Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE...
CVE-2021-22223
Client-side code injection through the feature flag name in GitLab CE/EE starting with 11.9: a specially crafted feature flag name could issue PUT requests on behalf of other users when they clicked on a link...
CVE-2021-22223
GitLab CE/EE vulnerable to Client-Side code injection via feature flag names (CVE-2021-22223). Affected versions: 11.9 up to before 14.0.2. Root cause: crafted feature flag name allows PUT requests on behalf of other users when a link is clicked. Impact: an attacker could perform actions on behal...
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
CVE-2021-22226
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
CVE-2021-22232
CVE-2021-22232 describes an HTML injection vulnerability in GitLab CE where the full name field could be exploited. Affected are GitLab CE prior to versions 13.11.6, 13.12.6, and 14.0.2. Root cause: input in the full name field not properly sanitized. Impact: HTML injection; exact exploitation de...
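Both CVE-2021-22232 (HTML injection via the full name field) and CVE-2021-22223 (client-side code injection via a feature flag name) come down to a user-controlled string being placed into markup without output encoding. The following is an added illustration, not GitLab's code: the user records, the `render_profile_*` helpers and the `injected_tags` check are constructed for this example. It renders a crafted full name once verbatim and once through `ERB::Util.html_escape`, which is what Rails' `<%= %>` output calls, and counts the tags that end up in the fragment.

```ruby
require "erb"

# Constructed sample profile records (not real GitLab data).
# The second "name" carries markup, the kind of input a full name field
# or a feature flag name must never reach the page unescaped.
SAMPLE_USERS = [
  { username: "alice",   name: "Alice Example" },
  { username: "mallory", name: "<img src=x onerror=\"fetch('/evil')\">Mallory" },
].freeze

# Vulnerable rendering (hypothetical helper): the name is interpolated
# verbatim, so any tags in it become part of the DOM.
def render_profile_unescaped(user)
  "<h1 class=\"profile-name\">#{user[:name]}</h1>"
end

# Hardened rendering (hypothetical helper): the value is HTML-escaped
# before interpolation; <, >, &, " and ' become entities.
def render_profile_escaped(user)
  "<h1 class=\"profile-name\">#{ERB::Util.html_escape(user[:name])}</h1>"
end

# Check helper: list every tag name in the fragment other than the single
# <h1> wrapper the template intended. Anything left is injected markup.
def injected_tags(html)
  tags = html.scan(/<\/?([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase)
  tags.reject { |t| t == "h1" }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_USERS.each do |u|
    puts "#{u[:username]} unescaped: #{injected_tags(render_profile_unescaped(u)).inspect}"
    puts "#{u[:username]} escaped:   #{injected_tags(render_profile_escaped(u)).inspect}"
  end
end
```

For the crafted record the unescaped path yields an injected `img` tag while the escaped path yields none; the same check, run against a rendered feature flag list, would flag the CVE-2021-22223 class of input as well.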
CVE-2021-22181
Removed by vendor...
CVE-2021-22217
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request...
CVE-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...