CVEdetails.com the ultimate security vulnerability data source

Gitlab : Security Vulnerabilities Published In 2021 (Gain Information)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-39941 | 200 | | +Info | 2021-12-13 | 2021-12-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members |
| 2 | CVE-2021-39888 | 200 | | +Info | 2021-10-05 | 2021-10-12 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. |
| 3 | CVE-2021-39875 | 200 | | +Info | 2021-10-05 | 2021-10-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. |
| 4 | CVE-2021-39869 | 200 | | +Info | 2021-10-05 | 2021-10-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. |
| 5 | CVE-2021-22233 | 200 | | +Info | 2021-07-07 | 2021-07-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details |
| 6 | CVE-2021-22219 | 532 | | +Info | 2021-06-08 | 2021-06-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. |
| 7 | CVE-2021-22215 | 668 | | +Info | 2021-06-08 | 2021-07-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects |
| 8 | CVE-2021-22213 | 200 | | +Info | 2021-06-08 | 2021-06-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari |
| 9 | CVE-2021-22184 | 200 | | +Info | 2021-03-26 | 2021-03-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. |
| 10 | CVE-2021-22169 | 200 | | +Info | 2021-03-24 | 2021-03-25 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. |
Total number of vulnerabilities: 10