CVE-2021-22203 | High | Yes | Arbitrary filesystem access | An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary... |
CVE-2021-22202 | Low | Yes | Cross-site request forgery | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a cross-site request... |
CVE-2021-22201 | Critical | Yes | Directory traversal | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. The... |
CVE-2021-22200 | Medium | Yes | Information disclosure | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an... |
CVE-2021-22199 | Low | Yes | Cross-site scripting | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored cross-site scripting (XSS) attack if... |
CVE-2021-22198 | Medium | Yes | Access restriction bypass | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of... |
CVE-2021-22197 | Low | Yes | Denial of service | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific... |
CVE-2021-22196 | Medium | Yes | Cross-site scripting | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge... |