Vulnerabilities > Gitlab > Low

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-39879 Missing Authentication for Critical Function vulnerability in Gitlab
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication
network
low complexity
gitlab CWE-306
3.5
2021-08-25 CVE-2021-22245 Improper Input Validation vulnerability in Gitlab
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view
network
low complexity
gitlab CWE-20
2.7
2021-06-24 CVE-2021-32823 In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability.
network
high complexity
bindata-project gitlab
3.7
2021-06-08 CVE-2021-22218 Improper Certificate Validation vulnerability in Gitlab
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.
network
high complexity
gitlab CWE-295
2.6
2021-06-08 CVE-2021-22215 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
network
low complexity
gitlab
2.7
2021-03-24 CVE-2021-22193 Information Exposure Through an Error Message vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting with 7.1.
network
low complexity
gitlab CWE-209
3.5
2020-11-17 CVE-2020-13353 Insufficient Session Expiration vulnerability in Gitlab Gitaly
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
local
low complexity
gitlab CWE-613
3.2
2020-10-07 CVE-2020-13342 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
network
low complexity
gitlab CWE-770
2.7
2020-09-15 CVE-2020-13308 Improper Preservation of Permissions vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-281
2.7
2020-08-13 CVE-2020-13282 Improper Preservation of Permissions vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
network
low complexity
gitlab CWE-281
3.5