CVE-2021-22221 | Medium | Yes | Authentication bypass | An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.12.2. Insufficient expired password validation in various... |
CVE-2021-22220 | Medium | Yes | Cross-site scripting | An issue has been discovered in GitLab affecting all versions starting with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site scripting... |
CVE-2021-22219 | Medium | Yes | Information disclosure | GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege user to obtain sensitive information from log files because the sensitive information... |
CVE-2021-22218 | Low | Yes | Content spoofing | All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof... |
CVE-2021-22217 | Medium | Yes | Denial of service | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a... |
CVE-2021-22216 | Medium | Yes | Denial of service | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a very... |
CVE-2021-22214 | Medium | Yes | Access restriction bypass | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting... |
CVE-2021-22213 | High | Yes | Information disclosure | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an OAuth access... |
CVE-2021-22181 | High | Yes | Denial of service | A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 before 13.12.2 allows an attacker to create a recursive pipeline... |