421 matches found
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file...
CVE-2022-0151
Removed by vendor...
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
CVE-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content...
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
CVE-2021-39911
Removed by vendor...
CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
CVE-2021-22264
GitLab CVE-2021-22264 affects GitLab versions 13.8 and later up to 14.0.9, 14.1 up to 14.1.4, and 14.2 up to 14.2.2. The root cause described is that under specialized conditions an invited group member may maintain access to a project even after the invited group, which the member belonged to, i...
CVE-2021-39893
A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation...
CVE-2021-39875
Removed by vendor...
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
CVE-2021-22245
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...
CVE-2021-22245
Removed by vendor...
CVE-2021-22238
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues...
[ASA-202107-18] gitlab: multiple issues
Arch Linux Security Advisory ASA-202107-18 ========================================== Severity: High Date : 2021-07-06 CVE-ID : CVE-2021-22223 CVE-2021-22224 CVE-2021-22225 CVE-2021-22226 CVE-2021-22227 CVE-2021-22228 CVE-2021-22229 CVE-2021-22230 CVE-2021-22231 CVE-2021-22232 CVE-2021-31799...
CVE-2021-22181
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources...
[ASA-202106-21] gitlab: multiple issues
Arch Linux Security Advisory ASA-202106-21 ========================================== Severity: High Date : 2021-06-09 CVE-ID : CVE-2021-22181 CVE-2021-22213 CVE-2021-22214 CVE-2021-22216 CVE-2021-22217 CVE-2021-22218 CVE-2021-22219 CVE-2021-22220 CVE-2021-22221 Package : gitlab Type : multiple...
GitLab: Clipboard DOM-based XSS
Summary A clipboard DOM-based XSS exists on several Markdown text fields. Technical details The app/assets/javascripts/behaviors/markdown/copyasgfm.js file is used to get and set GFM GitHub Flavored Markdown data on the clipboard on different parts of the GitLab application. If a user copies data...
CVE-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project...