Vulnerabilities > Gitlab > Gitlab > 2.4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-18 | CVE-2022-0124 | Improper Encoding or Escaping of Output vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 4.3 |
2021-12-13 | CVE-2021-39937 | Improper Privilege Management vulnerability in Gitlab A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | 6.5 |
2021-11-05 | CVE-2021-39913 | Unspecified vulnerability in Gitlab Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges | 6.7 |
2021-10-05 | CVE-2021-39882 | Cleartext Transmission of Sensitive Information vulnerability in Gitlab In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. | 5.0 |
2021-10-04 | CVE-2021-39873 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. network gitlab | 4.3 |
2021-10-04 | CVE-2021-39899 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. | 1.9 |
2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 4.0 |
2021-08-20 | CVE-2021-22246 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. | 4.0 |
2021-07-06 | CVE-2021-22228 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. | 4.0 |
2021-06-08 | CVE-2021-22216 | Resource Exhaustion vulnerability in Gitlab A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | 4.0 |