Vulnerabilities > Gitlab > Gitlab > 8.13.7

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2021-39927 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
Server-side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443.
network
gitlab CWE-918
3.5
2022-01-18 CVE-2022-0090 Improper Privilege Management vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-269
5.0
2022-01-18 CVE-2022-0093 Unspecified vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab
4.3
2022-01-18 CVE-2022-0124 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-116
4.3
2022-01-18 CVE-2022-0154 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
gitlab CWE-352
6.0
2021-12-13 CVE-2021-39931 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
gitlab
3.5
2021-12-13 CVE-2021-39937 Improper Privilege Management vulnerability in Gitlab
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
network
low complexity
gitlab CWE-269
6.5
2021-11-05 CVE-2021-39895 Unspecified vulnerability in Gitlab
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export, so that when an unsuspecting owner imports that project, pipelines are active by default on that project.
network
high complexity
gitlab
2.1
2021-11-05 CVE-2021-39905 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.
network
low complexity
gitlab
4.0
2021-11-05 CVE-2021-39913 Unspecified vulnerability in Gitlab
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges.
local
low complexity
gitlab
6.7