Vulnerabilities > Gitlab > Gitlab > 13.0.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-22214 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | 4.3 |
2021-05-06 | CVE-2021-22206 | Cleartext Storage of Sensitive Information vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 11.6. | 4.0 |
2021-04-23 | CVE-2021-22205 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 7.5 |
2021-04-22 | CVE-2021-22199 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 12.9. | 3.5 |
2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
2021-04-02 | CVE-2021-22200 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. network gitlab | 4.3 |
2021-04-02 | CVE-2021-22197 | Infinite Loop vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other | 4.0 |
2021-04-01 | CVE-2021-22177 | Resource Exhaustion vulnerability in Gitlab Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | 4.0 |
2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |
2021-03-26 | CVE-2021-22184 | Information Exposure Through Log Files vulnerability in Gitlab An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | 2.1 |