High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-04	CVE-2021-22189	Improper Certificate Validation vulnerability in Gitlab Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. network low complexity gitlab CWE-295	7.2
2021-01-15	CVE-2021-22167	Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1. network low complexity gitlab	7.5
2021-01-15	CVE-2021-22166	Resource Exhaustion vulnerability in Gitlab 13.7.0/13.7.1 An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method network low complexity gitlab CWE-400	7.5
2020-11-19	CVE-2020-13359	Unspecified vulnerability in Gitlab The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. network low complexity gitlab	7.6
2020-11-19	CVE-2020-13356	Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. network low complexity gitlab	8.2
2020-11-19	CVE-2020-13355	Path Traversal vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. network low complexity gitlab CWE-22	8.1
2020-11-17	CVE-2020-26405	Path Traversal vulnerability in Gitlab Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. network low complexity gitlab CWE-22	7.1
2020-10-22	CVE-2020-13327	Unspecified vulnerability in Gitlab Runner An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. network high complexity gitlab	7.5
2020-10-08	CVE-2020-13340	Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log network low complexity gitlab CWE-79	8.7
2020-10-07	CVE-2020-13334	Incorrect Authorization vulnerability in Gitlab In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query network low complexity gitlab CWE-863	7.5