Vulnerabilities > Gitlab > Gitlab > 14.2.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-39899 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. | 1.9 |
| 2021-10-04 | CVE-2021-39900 | Information Exposure Through Log Files vulnerability in Gitlab Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | 4.0 |
| 2021-06-24 | CVE-2021-32823 | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. | 3.7 |