Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  Security Vulnerabilities
CVE-2021-22244
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data
CVSS Score
3.1
EPSS Score
0.003
Published
2021-08-25
CVE-2021-22245
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view
CVSS Score
2.7
EPSS Score
0.004
Published
2021-08-25
CVE-2021-22247
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-25
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22237
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2
CVSS Score
6.6
EPSS Score
0.002
Published
2021-08-25
CVE-2021-22242
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
CVSS Score
8.7
EPSS Score
0.025
Published
2021-08-25
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers
CVSS Score
6.5
EPSS Score
0.003
Published
2021-08-23
CVE-2021-22253
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed
CVSS Score
4.9
EPSS Score
0.003
Published
2021-08-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved