Vulnerabilities > Gitlab > Gitlab > 13.12.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-05 | CVE-2021-39888 | Unspecified vulnerability in Gitlab In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. | 4.3 |
2021-10-05 | CVE-2021-39893 | Missing Authorization vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 5.0 |
2021-10-05 | CVE-2021-39894 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | 5.5 |
2021-10-05 | CVE-2021-39887 | Cross-site Scripting vulnerability in Gitlab A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | 3.5 |
2021-10-04 | CVE-2021-22259 | Unspecified vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. | 4.0 |
2021-10-04 | CVE-2021-39868 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. | 4.0 |
2021-10-04 | CVE-2021-39871 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | 4.0 |
2021-10-04 | CVE-2021-39873 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. network gitlab | 4.3 |
2021-10-04 | CVE-2021-39874 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | 4.0 |
2021-10-04 | CVE-2021-39877 | Resource Exhaustion vulnerability in Gitlab A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. | 4.3 |