Vulnerabilities > Gitlab > Gitlab > 14.0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-39896 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. | 5.5 |
| 2021-10-04 | CVE-2021-39899 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. | 1.9 |
| 2021-10-04 | CVE-2021-39900 | Information Exposure Through Log Files vulnerability in Gitlab Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | 4.0 |
| 2021-06-24 | CVE-2021-32823 | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. | 3.7 |