Vulnerabilities > Gitlab

DATE        CVE             VULNERABILITY TITLE                                                              RISK

2021-10-05  CVE-2021-39893  Missing Authorization vulnerability in Gitlab                                    7.5
            A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
            Attack vector: network; complexity: low; vendor: gitlab; CWE-862

2021-10-05  CVE-2021-39894  Server-Side Request Forgery (SSRF) vulnerability in Gitlab                       5.4
            In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in the Fogbugz importer which may be used by attackers to carry out Server-Side Request Forgery attacks.
            Attack vector: network; complexity: low; vendor: gitlab; CWE-918

2021-10-05  CVE-2021-39887  Cross-site Scripting vulnerability in Gitlab                                     5.4
            A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
            Attack vector: network; complexity: low; vendor: gitlab; CWE-79

2021-10-04  CVE-2021-22259  Unspecified vulnerability in Gitlab                                              6.5
            A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in the dependencies API.
            Attack vector: network; complexity: low; vendor: gitlab

2021-10-04  CVE-2021-39868  Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab    4.3
            In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
            Attack vector: network; complexity: low; vendor: gitlab; CWE-732

2021-10-04  CVE-2021-39871  Unspecified vulnerability in Gitlab                                              4.3
            In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
            Attack vector: network; complexity: low; vendor: gitlab

2021-10-04  CVE-2021-39873  Unspecified vulnerability in Gitlab                                              4.3
            In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
            Attack vector: network; complexity: low; vendor: gitlab

2021-10-04  CVE-2021-39874  Unspecified vulnerability in Gitlab                                              4.3
            In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
            Attack vector: network; complexity: low; vendor: gitlab

2021-10-04  CVE-2021-39877  Resource Exhaustion vulnerability in Gitlab                                      5.5
            A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
            Attack vector: local; complexity: low; vendor: gitlab; CWE-400

2021-10-04  CVE-2021-39879  Missing Authentication for Critical Function vulnerability in Gitlab             3.5
            Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication.
            Attack vector: network; complexity: low; vendor: gitlab; CWE-306