Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-0244 Files or Directories Accessible to External Parties vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5.
network
low complexity
gitlab CWE-552
7.5
2021-12-13 CVE-2021-39910 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-79
4.3
2021-12-13 CVE-2021-39915 Exposure of Resource to Wrong Sphere vulnerability in Gitlab
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
network
low complexity
gitlab CWE-668
5.3
2021-12-13 CVE-2021-39916 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-639
4.3
2021-12-13 CVE-2021-39917 Incorrect Comparison vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-697
6.5
2021-12-13 CVE-2021-39918 Incorrect Authorization vulnerability in Gitlab
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
network
low complexity
gitlab CWE-863
4.3
2021-12-13 CVE-2021-39919 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
local
low complexity
gitlab CWE-640
4.4
2021-12-13 CVE-2021-39930 Incorrect Authorization vulnerability in Gitlab
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
network
low complexity
gitlab CWE-863
4.3
2021-12-13 CVE-2021-39931 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab
4.3
2021-12-13 CVE-2021-39932 Improper Input Validation vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-20
4.3