Vulnerabilities > Gitlab > Gitlab > 8.9.9

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2021-39908 Code Injection vulnerability in Gitlab
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
network
low complexity
gitlab CWE-94
7.5
7.5
2022-04-01 CVE-2022-0425 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
network
low complexity
gitlab CWE-918
6.5
6.5
2022-03-28 CVE-2022-0123 Improper Certificate Validation vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
gitlab CWE-295
4.9
4.9
2022-01-18 CVE-2021-39927 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
network
gitlab CWE-918
3.5
3.5
2022-01-18 CVE-2022-0090 Improper Privilege Management vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-269
5.0
5.0
2022-01-18 CVE-2022-0093 Unspecified vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab
4.3
4.3
2022-01-18 CVE-2022-0124 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-116
4.3
4.3
2022-01-18 CVE-2022-0154 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
gitlab CWE-352
6.0
6.0
2021-12-13 CVE-2021-39937 Improper Privilege Management vulnerability in Gitlab
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
network
low complexity
gitlab CWE-269
6.5
6.5
2021-11-05 CVE-2021-39895 Unspecified vulnerability in Gitlab
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project.
network
high complexity
gitlab
2.1
2.1