Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 13.11.6  Security Vulnerabilities
CVE-2021-39878
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.
CVSS Score
5.8
EPSS Score
0.002
Published
2021-10-05
CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-10-05
CVE-2021-39884
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-05
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-05
CVE-2021-39893
A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-10-05
CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-05
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-05
CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-10-05
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
CVSS Score
7.3
EPSS Score
0.002
Published
2021-10-05
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved