Vulnerabilities > Gitlab > Gitlab > 14.1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1121 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | 5.0 |
| 2022-04-04 | CVE-2022-1148 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Gitlab Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites | 6.5 |
| 2022-04-04 | CVE-2022-1174 | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | 7.5 |
| 2022-04-04 | CVE-2022-1185 | Out-of-bounds Write vulnerability in Gitlab A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file | 6.5 |
| 2022-04-04 | CVE-2022-1188 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | 5.0 |
| 2022-04-04 | CVE-2022-1189 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. | 4.0 |
| 2022-04-04 | CVE-2022-1190 | Cross-site Scripting vulnerability in Gitlab Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | 3.5 |
| 2022-04-01 | CVE-2021-39908 | Code Injection vulnerability in Gitlab In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 7.5 |
| 2022-04-01 | CVE-2022-0373 | Unspecified vulnerability in Gitlab Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | 4.3 |
| 2022-04-01 | CVE-2022-0390 | Missing Authorization vulnerability in Gitlab Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | 4.3 |