Vulnerabilities > Gitlab > Gitlab > 13.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-02 | CVE-2021-22196 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. | 3.5 |
2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |
2021-03-24 | CVE-2021-22192 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 6.5 |
2021-03-24 | CVE-2021-22186 | Incorrect Authorization vulnerability in Gitlab An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | 4.0 |
2021-03-24 | CVE-2021-22185 | Cross-site Scripting vulnerability in Gitlab Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki | 3.5 |