Vulnerabilities > Gitlab > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2021-39942 Resource Exhaustion vulnerability in Gitlab
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
network
low complexity
gitlab CWE-400
6.5
6.5
2022-01-18 CVE-2021-39946 Cross-site Scripting vulnerability in Gitlab
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
network
low complexity
gitlab CWE-79
5.4
5.4
2022-01-18 CVE-2022-0090 Improper Privilege Management vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-269
6.5
6.5
2022-01-18 CVE-2022-0093 Unspecified vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab
4.3
4.3
2022-01-18 CVE-2022-0124 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-116
4.3
4.3
2022-01-18 CVE-2022-0125 Missing Authorization vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab CWE-862
4.3
4.3
2022-01-18 CVE-2022-0151 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab
4.9
4.9
2022-01-18 CVE-2022-0152 Missing Authorization vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2.
network
low complexity
gitlab CWE-862
6.5
6.5
2022-01-18 CVE-2022-0172 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3.
network
low complexity
gitlab
6.5
6.5
2021-12-13 CVE-2021-39910 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
network
low complexity
gitlab CWE-79
4.3
4.3