Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-20 | CVE-2021-22238 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 13.3. | 5.4 |
| 2021-08-20 | CVE-2021-22246 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. | 6.5 |
| 2021-08-20 | CVE-2021-22254 | Improper Encoding or Escaping of Output vulnerability in Gitlab Under very specific conditions a user could be impersonated using Gitlab shell. | 4.3 |
| 2021-08-05 | CVE-2021-22234 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. | 6.4 |
| 2021-08-05 | CVE-2021-22240 | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | 4.3 |
| 2021-08-05 | CVE-2021-22241 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. | 5.4 |
| 2021-07-07 | CVE-2021-22233 | Missing Authorization vulnerability in Gitlab An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details | 4.3 |
| 2021-07-07 | CVE-2021-22224 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | 6.5 |
| 2021-07-07 | CVE-2021-22225 | Cross-site Scripting vulnerability in Gitlab Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 5.4 |
| 2021-07-07 | CVE-2021-22227 | Cross-site Scripting vulnerability in Gitlab A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | 6.1 |