U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:13.8.5:*:*:*:community:*:*:*
  • CPE Name Search: true
There are 306 matching records.
Displaying matches 301 through 306.
Vuln ID Summary CVSS Severity
CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

Published: April 02, 2021; 1:15:13 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-22200

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.

Published: April 02, 2021; 1:15:12 PM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-22198

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.

Published: April 02, 2021; 1:15:12 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other

Published: April 02, 2021; 1:15:12 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22196

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.

Published: April 02, 2021; 1:15:12 PM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-22192

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.

Published: March 24, 2021; 1:15:14 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM