Vulnerabilities > Gitlab > Gitlab > 14.3.5

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2021-39927 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
network
gitlab CWE-918
3.5
3.5
2022-01-18 CVE-2021-39942 Resource Exhaustion vulnerability in Gitlab
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
network
low complexity
gitlab CWE-400
4.0
4.0
2022-01-18 CVE-2021-39946 Cross-site Scripting vulnerability in Gitlab
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
network
gitlab CWE-79
3.5
3.5
2022-01-18 CVE-2022-0090 Improper Privilege Management vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-269
5.0
5.0
2022-01-18 CVE-2022-0093 Unspecified vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab
4.3
4.3
2022-01-18 CVE-2022-0124 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-116
4.3
4.3
2022-01-18 CVE-2022-0125 Missing Authorization vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab CWE-862
4.3
4.3
2022-01-18 CVE-2022-0151 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab
5.0
5.0
2022-01-18 CVE-2022-0152 Missing Authorization vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab CWE-862
4.0
4.0
2022-01-18 CVE-2022-0154 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
gitlab CWE-352
6.0
6.0