Vulnerabilities > Gitlab > Gitlab > 13.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-06 | CVE-2021-22210 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. | 5.0 |
2021-04-23 | CVE-2021-22205 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 7.5 |
2021-04-22 | CVE-2021-22199 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 12.9. | 3.5 |
2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
2021-04-02 | CVE-2021-22200 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. network gitlab | 4.3 |
2021-04-02 | CVE-2021-22197 | Infinite Loop vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other | 4.0 |
2021-04-02 | CVE-2021-22196 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. | 3.5 |
2021-04-01 | CVE-2021-22177 | Resource Exhaustion vulnerability in Gitlab Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | 4.0 |
2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |
2021-03-26 | CVE-2021-22184 | Information Exposure Through Log Files vulnerability in Gitlab An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | 2.1 |