217 matches found
CVE-2022-0151
Removed by vendor...
CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
CVE-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project...
CVE-2021-22193
Removed by vendor...
CVE-2021-22188
Removed by vendor...
CVE-2020-13345
Removed by vendor...
Cross site scripting
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges...
CVE-2020-10979
Removed by vendor...
CVE-2020-10089
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,...
CVE-2020-7966
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal...
CVE-2019-20143
An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 12.6. It has Incorrect Access Control...
CVE-2019-20144
An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 10.8 through 12.6.1. It has Incorrect Access Control...
CVE-2019-6795
Removed by vendor...
CVE-2019-6794
CVE-2019-6794 affects GitLab Community and Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. The issue allows information disclosure where a project guest user can view the last commit status of the default branch. The root cause details are not fully expande...
CVE-2017-0882
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC...