Vulnerabilities > Gitlab > Gitlab > 0.9.4
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 4.0 |
2021-07-06 | CVE-2021-22228 | Unspecified vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. | 4.0 |
2021-06-08 | CVE-2021-22216 | Resource Exhaustion vulnerability in Gitlab | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | 4.0 |
2021-06-08 | CVE-2021-22217 | Unspecified vulnerability in Gitlab | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request | 4.0 |
2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab | An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab | In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |
2021-03-04 | CVE-2021-22189 | Improper Certificate Validation vulnerability in Gitlab | Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | 6.5 |
2021-03-02 | CVE-2021-22187 | Resource Exhaustion vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. | 4.0 |
2020-11-17 | CVE-2020-13350 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab | CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. | 4.3 |
2020-10-08 | CVE-2020-13340 | Cross-site Scripting vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 3.5 |