An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
CVSS Score
6.8
EPSS Score
0.01
Published
2021-08-20
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
CVSS Score
3.1
EPSS Score
0.003
Published
2021-08-20
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.
CVSS Score
8.7
EPSS Score
0.002
Published
2021-08-05
Page 44