CVE-2021-39889 | Medium | Yes | Information disclosure | In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name... |
CVE-2021-39888 | Medium | Yes | Information disclosure | In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and... |
CVE-2021-39885 | High | Yes | Cross-site scripting | A stored cross-site scripting security issue in merge request creation page in GitLab EE version 13.5 and above allows an attacker to execute arbitrary... |
CVE-2021-39884 | Medium | Yes | Information disclosure | In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that... |
CVE-2021-39883 | Medium | Yes | Information disclosure | Improper authorization checks in GitLab EE > 13.11 allow subgroup members to see epics from all parent subgroups. |
CVE-2021-22259 | Medium | Yes | Denial of service | A potential denial of service vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. |