Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 12.9.5  Security Vulnerabilities
CVE-2021-22199
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.
CVSS Score
3.5
EPSS Score
0.002
Published
2021-04-22
CVE-2021-22202
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVSS Score
2.4
EPSS Score
0.002
Published
2021-04-02
CVE-2021-22197
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
CVSS Score
3.5
EPSS Score
0.004
Published
2021-04-02
CVE-2021-22200
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-04-02
CVE-2021-22177
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-04-01
CVE-2021-22172
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
CVSS Score
4.3
EPSS Score
0.003
Published
2021-03-26
CVE-2021-22184
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-03-26
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis.
CVSS Score
5.7
EPSS Score
0.0
Published
2021-03-26
CVE-2021-22186
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
CVSS Score
4.9
EPSS Score
0.002
Published
2021-03-24
CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
CVSS Score
3.5
EPSS Score
0.003
Published
2021-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved