Vulnerabilities > Gitlab > Gitlab > 8.7.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-22243 | Incorrect Authorization vulnerability in Gitlab Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 4.0 |
| 2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 4.0 |
| 2021-08-20 | CVE-2021-22246 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. | 4.0 |
| 2021-07-07 | CVE-2021-22231 | Unspecified vulnerability in Gitlab A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | 4.0 |
| 2021-07-06 | CVE-2021-22228 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. | 4.0 |
| 2021-06-08 | CVE-2021-22216 | Resource Exhaustion vulnerability in Gitlab A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | 4.0 |
| 2021-06-08 | CVE-2021-22213 | Unspecified vulnerability in Gitlab A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari network gitlab | 4.3 |
| 2021-06-08 | CVE-2021-22217 | Unspecified vulnerability in Gitlab A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request | 4.0 |
| 2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
| 2021-03-26 | CVE-2021-22194 | Cleartext Storage of Sensitive Information vulnerability in Gitlab In all versions of GitLab, marshalled session keys were being stored in Redis. | 2.1 |