gitlab

1,423 tracked vulnerabilities.

CVE-2021-39889 MEDIUM
GitLab 14.1.0-14.1.7 - Authorization Bypass via Protected Branch ID
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39886 LOW
GitLab 10.6.0-14.1.7 - Unauthenticated Confidential Epic Reference Exposure via Issue Move
Oct 05, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-39881 LOW
GitLab 7.7.0-14.1.7 - OAuth Scope Spoofing via Arbitrary Scope Names
Oct 05, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-39870 MEDIUM
GitLab 11.11.0-14.1.7 - Unauthenticated Repository Import Bypass via Crafted API Call
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22264 MEDIUM
GitLab <14.0.9-14.1.4-14.2.2 - Info Disclosure
Oct 05, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-22262 MEDIUM
GitLab 13.12-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Incorrect Authorization in Jira Connect Namespace Management
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-22261 HIGH
GitLab 13.9-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Stored Cross-Site Scripting via Jira Integration
Oct 05, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-22258 MEDIUM
GitLab 8.9-14.0.8 - Unauthenticated Email Address Exposure via Project Import/Export
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22257 MEDIUM
GitLab <14.0.9-14.2.2 - Info Disclosure
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39894 MEDIUM
GitLab 8.0.0-14.1.7 - Server-Side Request Forgery via Fogbugz Importer DNS Rebinding
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-39893 MEDIUM
GitLab 9.1.0-14.1.6 - Unauthenticated Denial of Service via File Parsing
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39888 MEDIUM
GitLab EE <14.1.7, <14.2.5, <14.3.1 - Info Disclosure
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39884 MEDIUM
GitLab 8.13.0-14.1.7 - Unauthenticated Private Group Name Disclosure
Oct 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39882 MEDIUM
GitLab - Unauthenticated Cleartext Transmission of Sensitive Information via User ID Endpoints
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39878 MEDIUM
GitLab 13.0-14.3.1 - Stored Cross-Site Scripting in Jira Integration
Oct 05, 2021
CVSS 5.8
EPSS 0.01
CVE-2021-39875 MEDIUM
GitLab CE/EE <13.6 - Info Disclosure
Oct 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39872 MEDIUM
GitLab >=14.1.0 <14.1.7 - Improper Access Control via Expired Password Bypass
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39869 MEDIUM
GitLab CE/EE <8.9 - Info Disclosure
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39867 MEDIUM
GitLab 8.15.0-14.1.7 - Server-Side Request Forgery via Gitea Importer
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39866 MEDIUM
GitLab >=13.6.0 <14.1.7 - Persistent Access via Project Access Token
Oct 05, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-39887 HIGH
GitLab 8.4.0-14.1.7 - Stored Cross-Site Scripting in GitLab Flavored Markdown
Oct 05, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-39900 LOW
GitLab 10.8.0-14.1.6 - Information Disclosure via SendEntry Rails Log Exposure
Oct 04, 2021
CVSS 2.0
EPSS 0.01
CVE-2021-39899 LOW
GitLab < 14.1.7 - Weak Password Recovery Mechanism via Brute Force Attack
Oct 04, 2021
CVSS 2.9
EPSS 0.00
CVE-2021-39896 LOW
GitLab CE/EE <8.0 - Privilege Escalation
Oct 04, 2021
CVSS 3.8
EPSS 0.01
CVE-2021-39885 HIGH
GitLab 13.7.0-14.1.6, 14.2.0-14.2.4, 14.3.0 - Stored Cross-Site Scripting via Approval Rule Name
Oct 04, 2021
CVSS 8.7
EPSS 0.01