U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:7.10.0:rc2:*:*:community:*:*:*
  • CPE Name Search: true
There are 209 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-22216

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description

Published: June 08, 2021; 4:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22217

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request

Published: June 08, 2021; 3:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22213

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari

Published: June 08, 2021; 3:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

Published: April 02, 2021; 1:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-22194

In all versions of GitLab, marshalled session keys were being stored in Redis.

Published: March 26, 2021; 4:15:12 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-22193

An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.

Published: March 24, 2021; 1:15:14 PM -0400
V3.1: 3.5 LOW
V2.0: 3.5 LOW
CVE-2021-22176

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests

Published: March 24, 2021; 1:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22189

Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.

Published: March 04, 2021; 10:15:13 AM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22187

An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted.

Published: March 02, 2021; 2:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-13350

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.

Published: November 17, 2020; 1:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-13340

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

Published: October 08, 2020; 10:15:11 AM -0400
V3.1: 8.7 HIGH
V2.0: 3.5 LOW
CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.

Published: October 08, 2020; 10:15:11 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2020-13331

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges.

Published: September 30, 2020; 2:15:20 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-13330

An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature.

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-13329

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature.

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2020-13321

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added.

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 8.3 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-13320

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard.

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-13319

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue.

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-13296

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens

Published: September 30, 2020; 2:15:19 PM -0400
V3.1: 8.8 HIGH
V2.0: 7.5 HIGH
CVE-2020-13315

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.

Published: September 14, 2020; 6:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM