Vulnerabilities > Gitlab > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2021-39879 | Missing Authentication for Critical Function vulnerability in Gitlab Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication | 3.5 |
2021-08-25 | CVE-2021-22245 | Improper Input Validation vulnerability in Gitlab Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 2.7 |
2021-06-24 | CVE-2021-32823 | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. | 3.7 |
2021-06-08 | CVE-2021-22218 | Improper Certificate Validation vulnerability in Gitlab All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. | 2.6 |
2021-06-08 | CVE-2021-22215 | Unspecified vulnerability in Gitlab An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects | 2.7 |
2021-03-24 | CVE-2021-22193 | Information Exposure Through an Error Message vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 7.1. | 3.5 |
2020-11-17 | CVE-2020-13353 | Insufficient Session Expiration vulnerability in Gitlab Gitaly When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | 3.2 |
2020-10-07 | CVE-2020-13342 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 2.7 |
2020-09-15 | CVE-2020-13308 | Improper Preservation of Permissions vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 2.7 |
2020-08-13 | CVE-2020-13282 | Improper Preservation of Permissions vulnerability in Gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | 3.5 |