Vulnerabilities > Gitlab > Gitlab > 13.7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-22211 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. | 3.5 |
| 2021-04-23 | CVE-2021-22205 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 7.5 |
| 2021-04-22 | CVE-2021-22199 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 12.9. | 3.5 |
| 2021-04-12 | CVE-2021-22190 | Path Traversal vulnerability in Gitlab A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | 4.0 |
| 2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
| 2021-04-02 | CVE-2021-22200 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. network gitlab | 4.3 |
| 2021-04-02 | CVE-2021-22197 | Infinite Loop vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other | 4.0 |
| 2021-04-02 | CVE-2021-22196 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. | 3.5 |
| 2021-04-01 | CVE-2021-22177 | Resource Exhaustion vulnerability in Gitlab Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. | 4.0 |
| 2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |