GitLab: Security Vulnerabilities
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-12-13
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-12-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.
CVSS Score
4.3
EPSS Score
0.004
Published
2021-12-13
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
CVSS Score
3.1
EPSS Score
0.002
Published
2021-12-13
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-12-06
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
CVSS Score
3.1
EPSS Score
0.001
Published
2021-12-06
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-11-05
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass the CODEOWNERS Merge Request approval requirement under rare circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-05
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes the private email address of Issue and Merge Request assignees to Webhook data consumers.
CVSS Score
1.7
EPSS Score
0.002
Published
2021-11-05
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF image, it was possible to trigger memory exhaustion.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-11-05

