Vulnerabilities > Gitlab > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-18 | CVE-2022-0244 | Files or Directories Accessible to External Parties vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. | 7.5 |
2021-12-13 | CVE-2021-39935 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 7.5 |
2021-12-13 | CVE-2021-39937 | Improper Privilege Management vulnerability in Gitlab. A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances. | 8.8 |
2021-12-13 | CVE-2021-39944 | Improper Privilege Management vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 7.1 |
2021-12-06 | CVE-2021-22170 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gitlab. Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content. | 7.5 |
2021-10-05 | CVE-2021-39867 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab. In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 8.1 |
2021-10-05 | CVE-2021-39893 | Missing Authorization vulnerability in Gitlab. A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 7.5 |
2021-08-25 | CVE-2021-22236 | Incorrect Authorization vulnerability in Gitlab 14.1.0/14.1.1. Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. | 8.8 |
2021-07-07 | CVE-2021-22230 | Unspecified vulnerability in Gitlab. Improper code rendering while rendering merge requests could be exploited to submit malicious code. | 7.2 |
2021-07-06 | CVE-2021-22229 | Unspecified vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. | 7.5 |