Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-39937 | Improper Privilege Management vulnerability in Gitlab A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | 8.8 |
| 2021-12-13 | CVE-2021-39938 | Resource Exhaustion vulnerability in Gitlab A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands | 6.5 |
| 2021-12-13 | CVE-2021-39939 | Resource Exhaustion vulnerability in Gitlab An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager | 6.5 |
| 2021-12-13 | CVE-2021-39940 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 6.5 |
| 2021-12-13 | CVE-2021-39941 | Information Exposure vulnerability in Gitlab An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members | 5.3 |
| 2021-12-13 | CVE-2021-39944 | Improper Privilege Management vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 7.1 |
| 2021-12-13 | CVE-2021-39945 | Incorrect Authorization vulnerability in Gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked | 2.7 |
| 2021-12-06 | CVE-2021-22170 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gitlab Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content | 7.5 |
| 2021-12-06 | CVE-2021-39890 | Improper Authentication vulnerability in Gitlab It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | 9.8 |
| 2021-11-05 | CVE-2021-22260 | Cross-site Scripting vulnerability in Gitlab A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf | 5.4 |