Vulnerabilities > Gitlab > Gitlab > 7.13.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-39937 | Improper Privilege Management vulnerability in Gitlab A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | 6.5 |
| 2021-11-05 | CVE-2021-39913 | Unspecified vulnerability in Gitlab Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges | 6.7 |
| 2021-10-05 | CVE-2021-39881 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. network gitlab | 3.5 |
| 2021-10-05 | CVE-2021-39882 | Cleartext Transmission of Sensitive Information vulnerability in Gitlab In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. | 5.0 |
| 2021-10-04 | CVE-2021-39873 | Unspecified vulnerability in Gitlab In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. network gitlab | 4.3 |
| 2021-10-04 | CVE-2021-39879 | Missing Authentication for Critical Function vulnerability in Gitlab Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication | 4.0 |
| 2021-10-04 | CVE-2021-39899 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. | 1.9 |
| 2021-08-25 | CVE-2021-22243 | Incorrect Authorization vulnerability in Gitlab Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 4.0 |
| 2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 4.0 |
| 2021-08-20 | CVE-2021-22246 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. | 4.0 |