Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 7.11.0  Security Vulnerabilities
CVE-2021-22243
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.
CVSS Score
5.0
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22245
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view
CVSS Score
2.7
EPSS Score
0.004
Published
2021-08-25
CVE-2021-22246
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.
CVSS Score
7.7
EPSS Score
0.002
Published
2021-08-20
CVE-2021-22228
An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-07-06
CVE-2021-22216
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-08
CVE-2021-22217
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request
CVSS Score
6.5
EPSS Score
0.007
Published
2021-06-08
CVE-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
CVSS Score
8.8
EPSS Score
0.01
Published
2021-06-08
CVE-2021-22202
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVSS Score
2.4
EPSS Score
0.002
Published
2021-04-02
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis.
CVSS Score
5.7
EPSS Score
0.0
Published
2021-03-26
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
CVSS Score
3.5
EPSS Score
0.003
Published
2021-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved