Vulnerabilities > Gitlab > Gitlab > 14.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-22236 | Incorrect Authorization vulnerability in Gitlab 14.1.0/14.1.1 Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. | 6.5 |
| 2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in Gitlab Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.0 |
| 2021-08-25 | CVE-2021-22242 | Cross-site Scripting vulnerability in Gitlab Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 3.5 |
| 2021-08-25 | CVE-2021-22243 | Incorrect Authorization vulnerability in Gitlab Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 4.0 |
| 2021-08-25 | CVE-2021-22244 | Unspecified vulnerability in Gitlab Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | 4.0 |
| 2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 4.0 |
| 2021-08-25 | CVE-2021-22247 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | 4.0 |
| 2021-08-25 | CVE-2021-22250 | Unspecified vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | 5.5 |
| 2021-08-25 | CVE-2021-22256 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | 5.5 |
| 2021-08-23 | CVE-2021-22248 | Unspecified vulnerability in Gitlab Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | 5.0 |