Vulnerabilities > Gitlab > Gitlab > 14.5.0

DATE CVE VULNERABILITY TITLE RISK
2021-12-13 CVE-2021-39910 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
gitlab CWE-79
4.3
4.3
2021-12-13 CVE-2021-39916 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-639
4.0
4.0
2021-12-13 CVE-2021-39931 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
gitlab
3.5
3.5
2021-12-13 CVE-2021-39932 Improper Input Validation vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-20
4.0
4.0
2021-12-13 CVE-2021-39933 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab
6.5
6.5
2021-12-13 CVE-2021-39934 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-639
4.0
4.0
2021-12-13 CVE-2021-39940 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab
6.5
6.5
2021-06-24 CVE-2021-32823 In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability.
network
high complexity
bindata-project gitlab
3.7
3.7