Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 8.9.5  Security Vulnerabilities
CVE-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
CVSS Score
8.8
EPSS Score
0.01
Published
2021-06-08
CVE-2021-22202
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVSS Score
2.4
EPSS Score
0.002
Published
2021-04-02
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis.
CVSS Score
5.7
EPSS Score
0.0
Published
2021-03-26
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
CVSS Score
3.5
EPSS Score
0.003
Published
2021-03-24
CVE-2021-22176
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
CVSS Score
4.3
EPSS Score
0.003
Published
2021-03-24
CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-03-04
CVE-2021-22187
An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-03-02
CVE-2020-26416
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVSS Score
4.0
EPSS Score
0.0
Published
2020-12-11
CVE-2020-13356
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVSS Score
8.2
EPSS Score
0.002
Published
2020-11-19
CVE-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
CVSS Score
3.1
EPSS Score
0.001
Published
2020-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved