Vulnerabilities > Gitlab > Gitlab > 8.12.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-04 | CVE-2022-1120 | Information Exposure Through an Error Message vulnerability in Gitlab Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | 4.0 |
2022-04-04 | CVE-2022-1121 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | 5.0 |
2022-04-04 | CVE-2022-1190 | Cross-site Scripting vulnerability in Gitlab Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | 3.5 |
2022-04-01 | CVE-2021-39908 | Code Injection vulnerability in Gitlab In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 7.5 |
2022-04-01 | CVE-2022-0425 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 6.5 |
2022-03-28 | CVE-2022-0123 | Improper Certificate Validation vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 4.9 |
2022-03-28 | CVE-2022-0488 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. | 4.0 |
2022-01-18 | CVE-2021-39927 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 | 3.5 |
2022-01-18 | CVE-2022-0090 | Improper Privilege Management vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 5.0 |
2022-01-18 | CVE-2022-0093 | Unspecified vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 4.3 |