Vulnerabilities > Gitlab
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2021-39900 | Information Exposure Through Log Files vulnerability in GitLab: Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of the full URL of artifacts stored in object storage with a temporary availability via Rails logs. | 2.7 |
2021-09-09 | CVE-2021-22239 | Incorrect Authorization vulnerability in GitLab: An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later. | 4.3 |
2021-08-25 | CVE-2021-22236 | Incorrect Authorization vulnerability in GitLab 14.1.0/14.1.1: Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. | 8.8 |
2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in GitLab: Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.9 |
2021-08-25 | CVE-2021-22242 | Cross-site Scripting vulnerability in GitLab: Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially crafted markdown. | 5.4 |
2021-08-25 | CVE-2021-22243 | Incorrect Authorization vulnerability in GitLab: Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access to a group. | 4.3 |
2021-08-25 | CVE-2021-22244 | Unspecified vulnerability in GitLab: Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data. | 6.5 |
2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in GitLab: Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view. | 2.7 |
2021-08-25 | CVE-2021-22247 | Incorrect Authorization vulnerability in GitLab: Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics. | 4.3 |
2021-08-25 | CVE-2021-22250 | Unspecified vulnerability in GitLab: Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account. | 5.4 |