961 matches found
CVE-2021-22244
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data...
Authorization
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data...
CVE-2021-22244
Removed by vendor...
CVE-2021-22244
CVE-2021-22244 concerns an improper authorization flaw in GitLab EE’s vulnerability report feature, allowing a reporter to access vulnerability data. Affected: GitLab Enterprise Edition, versions since 13.1. Root cause: improper authorization. Impact: leakage of vulnerability data to reporters; n...
CVE-2021-22247
The CVE concerns GitLab CE/EE (all versions since 13.0) with improper authorization that allows guests in private projects to view CI/CD analytics. Multiple connected sources (e.g., Red Hat CVE page, OSV, NVD, and OSV Ubuntu/NASL references) corroborate the issue. The root cause details beyond “i...
CVE-2021-22253
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
CVE-2021-22251
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...
Information disclosure
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
Input validation
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...
CVE-2021-22251
Removed by vendor...
CVE-2021-22253
Removed by vendor...
CVE-2021-22254
Under very specific conditions a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9...
CVE-2021-22240
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled...
Information disclosure
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...
CVE-2021-22231
CVE-2021-22231 describes a denial-of-service impacting GitLab CE/EE pages for user profiles, starting with GitLab CE/EE 8.0. The issue allows an attacker to create a specially crafted username to block access to a user’s profile page. Multiple connected sources confirm the vulnerability exists in...