Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  Security Vulnerabilities
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVSS Score
5.3
EPSS Score
0.014
Published
2021-01-15
CVE-2021-22167
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVSS Score
5.3
EPSS Score
0.016
Published
2021-01-15
CVE-2021-22168
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVSS Score
4.3
EPSS Score
0.01
Published
2021-01-15
CVE-2021-22171
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVSS Score
7.3
EPSS Score
0.013
Published
2021-01-15
CVE-2020-26414
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
CVSS Score
4.3
EPSS Score
0.015
Published
2021-01-15
CVE-2020-26411
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
CVSS Score
4.3
EPSS Score
0.012
Published
2020-12-11
CVE-2020-13357
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
CVSS Score
4.3
EPSS Score
0.008
Published
2020-12-11
CVE-2020-26408
A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile
CVSS Score
5.3
EPSS Score
0.01
Published
2020-12-11
CVE-2020-26412
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
CVSS Score
3.1
EPSS Score
0.01
Published
2020-12-11
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
CVSS Score
5.3
EPSS Score
0.338
Published
2020-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved