Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-22185 | Cross-site Scripting vulnerability in Gitlab Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki | 5.4 |
| 2021-03-24 | CVE-2021-22179 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 12.2. | 5.4 |
| 2021-03-24 | CVE-2021-22178 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 13.2. | 5.0 |
| 2021-03-24 | CVE-2021-22176 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 3.0.1. | 4.3 |
| 2021-03-04 | CVE-2021-22189 | Improper Certificate Validation vulnerability in Gitlab Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | 7.2 |
| 2021-03-04 | CVE-2021-22183 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 11.8. | 5.4 |
| 2021-03-03 | CVE-2021-22188 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 13.0. | 5.3 |
| 2021-03-03 | CVE-2021-22182 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 13.7. | 5.4 |
| 2021-03-02 | CVE-2021-22187 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. | 4.3 |
| 2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | 6.5 |