Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-22239 | Incorrect Authorization vulnerability in Gitlab An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | 4.3 |
| 2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in Gitlab Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.9 |
| 2021-08-25 | CVE-2021-22242 | Cross-site Scripting vulnerability in Gitlab Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 5.4 |
| 2021-08-25 | CVE-2021-22243 | Incorrect Authorization vulnerability in Gitlab Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 4.3 |
| 2021-08-25 | CVE-2021-22244 | Unspecified vulnerability in Gitlab Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | 6.5 |
| 2021-08-25 | CVE-2021-22247 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | 4.3 |
| 2021-08-25 | CVE-2021-22250 | Unspecified vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | 5.4 |
| 2021-08-25 | CVE-2021-22256 | Incorrect Authorization vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | 5.4 |
| 2021-08-23 | CVE-2021-22248 | Unspecified vulnerability in Gitlab Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | 5.3 |
| 2021-08-23 | CVE-2021-22249 | Information Exposure Through an Error Message vulnerability in Gitlab A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | 4.3 |