Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 13.7  Security Vulnerabilities
CVE-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-25
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22237
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2
CVSS Score
6.6
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22242
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
CVSS Score
8.7
EPSS Score
0.023
Published
2021-08-25
CVE-2021-22253
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed
CVSS Score
4.9
EPSS Score
0.003
Published
2021-08-23
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group
CVSS Score
4.3
EPSS Score
0.003
Published
2021-08-23
CVE-2021-22238
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
CVSS Score
6.8
EPSS Score
0.01
Published
2021-08-20
CVE-2021-22246
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.
CVSS Score
7.7
EPSS Score
0.002
Published
2021-08-20
CVE-2021-22254
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
CVSS Score
3.1
EPSS Score
0.003
Published
2021-08-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved