AVG-2023 log

Package gitlab
Status Fixed
Severity High
Type multiple issues
Affected 13.11.3-1
Fixed 13.12.2-1
Current 14.2.3-1 [community]
Ticket None
Created Tue Jun 1 19:32:42 2021
Issue Severity Remote Type Description
CVE-2021-22221 Medium Yes Authentication bypass
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.12.2. Insufficient expired password validation in various...
CVE-2021-22220 Medium Yes Cross-site scripting
An issue has been discovered in GitLab affecting all versions starting with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross- site scripting...
CVE-2021-22219 Medium Yes Information disclosure
GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege user to obtain sensitive information from log files because the sensitive information...
CVE-2021-22218 Low Yes Content spoofing
All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof...
CVE-2021-22217 Medium Yes Denial of service
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a...
CVE-2021-22216 Medium Yes Denial of service
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a very...
CVE-2021-22214 Medium Yes Access restriction bypass
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting...
CVE-2021-22213 High Yes Information disclosure
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an OAuth access...
CVE-2021-22181 High Yes Denial of service
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 before 13.12.2 allows an attacker to create a recursive pipeline...
Date Advisory Package Type
09 Jun 2021 ASA-202106-21 gitlab multiple issues