Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-22187 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. | 4.3 |
| 2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | 6.5 |
| 2021-01-15 | CVE-2021-22168 | Resource Exhaustion vulnerability in Gitlab A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. | 6.5 |
| 2021-01-15 | CVE-2020-26414 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.4. | 6.5 |
| 2020-12-11 | CVE-2020-26411 | Improper Resource Shutdown or Release vulnerability in Gitlab A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). | 4.3 |
| 2020-12-11 | CVE-2020-26417 | Information Exposure vulnerability in Gitlab Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. | 5.3 |
| 2020-12-11 | CVE-2020-26416 | Information Exposure Through Log Files vulnerability in Gitlab Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. | 4.4 |
| 2020-12-11 | CVE-2020-26415 | Missing Authorization vulnerability in Gitlab Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. | 4.3 |
| 2020-12-11 | CVE-2020-26413 | Information Exposure vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. | 5.3 |
| 2020-12-11 | CVE-2020-26412 | Unspecified vulnerability in Gitlab Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | 4.3 |