gitlab
1,423 tracked vulnerabilities.
CVE-2021-39889
MEDIUM
GitLab 14.1.0-14.1.7 - Authorization Bypass via Protected Branch ID
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39886
LOW
GitLab 10.6.0-14.1.7 - Unauthenticated Confidential Epic Reference Exposure via Issue Move
Oct 05, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-39881
LOW
GitLab 7.7.0-14.1.7 - OAuth Scope Spoofing via Arbitrary Scope Names
Oct 05, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-39870
MEDIUM
GitLab 11.11.0-14.1.7 - Unauthenticated Repository Import Bypass via Crafted API Call
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22264
MEDIUM
GitLab <14.0.9-14.1.4-14.2.2 - Info Disclosure
Oct 05, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-22262
MEDIUM
GitLab 13.12-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Incorrect Authorization in Jira Connect Namespace Management
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-22261
HIGH
GitLab 13.9-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Stored Cross-Site Scripting via Jira Integration
Oct 05, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-22258
MEDIUM
GitLab 8.9-14.0.8 - Unauthenticated Email Address Exposure via Project Import/Export
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22257
MEDIUM
GitLab <14.0.9-14.2.2 - Info Disclosure
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39894
MEDIUM
GitLab 8.0.0-14.1.7 - Server-Side Request Forgery via Fogbugz Importer DNS Rebinding
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-39893
MEDIUM
GitLab 9.1.0-14.1.6 - Unauthenticated Denial of Service via File Parsing
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39888
MEDIUM
GitLab EE <14.1.7, <14.2.5, <14.3.1 - Info Disclosure
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39884
MEDIUM
GitLab 8.13.0-14.1.7 - Unauthenticated Private Group Name Disclosure
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39882
MEDIUM
GitLab - Unauthenticated Cleartext Transmission of Sensitive Information via User ID Endpoints
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39878
MEDIUM
GitLab 13.0-14.3.1 - Stored Cross-Site Scripting in Jira Integration
Oct 05, 2021
CVSS 5.8
EPSS 0.01
CVE-2021-39875
MEDIUM
GitLab CE/EE <13.6 - Info Disclosure
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39872
MEDIUM
GitLab >=14.1.0 <14.1.7 - Improper Access Control via Expired Password Bypass
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39869
MEDIUM
GitLab CE/EE <8.9 - Info Disclosure
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39867
MEDIUM
GitLab 8.15.0-14.1.7 - Server-Side Request Forgery via Gitea Importer
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39866
MEDIUM
GitLab >=13.6.0 <14.1.7 - Persistent Access via Project Access Token
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-39887
HIGH
GitLab 8.4.0-14.1.7 - Stored Cross-Site Scripting in GitLab Flavored Markdown
Oct 05, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-39900
LOW
GitLab 10.8.0-14.1.6 - Information Disclosure via SendEntry Rails Log Exposure
Oct 04, 2021
CVSS 2.0
EPSS 0.01
CVE-2021-39899
LOW
GitLab < 14.1.7 - Weak Password Recovery Mechanism via Brute Force Attack
Oct 04, 2021
CVSS 2.9
EPSS 0.00
CVE-2021-39896
LOW
GitLab CE/EE <8.0 - Privilege Escalation
Oct 04, 2021
CVSS 3.8
EPSS 0.01
CVE-2021-39885
HIGH
GitLab 13.7.0-14.1.6, 14.2.0-14.2.4, 14.3.0 - Stored Cross-Site Scripting via Approval Rule Name
Oct 04, 2021
CVSS 8.7
EPSS 0.01