| CVE | Severity | [unlabelled Yes/No column] | Type | Description |
|---|---|---|---|---|
| CVE-2021-39945 | Low | Yes | Access restriction bypass | Improper access control in the GitLab API affecting all versions before version 14.5.2 allows an author of a Merge Request to approve the Merge Request even... |
| CVE-2021-39944 | High | Yes | Privilege escalation | An issue has been discovered in GitLab before version 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their... |
| CVE-2021-39941 | Low | Yes | Information disclosure | An information disclosure vulnerability in GitLab before version 14.5.2 allowed non-project members to see the default branch name for projects that... |
| CVE-2021-39940 | Medium | Yes | Denial of service | An issue has been discovered in GitLab before version 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a... |
| CVE-2021-39938 | Low | Yes | Denial of service | A vulnerable regular expression pattern in GitLab before version 14.5.2 allows an attacker to cause uncontrolled resource consumption leading to Denial of... |
| CVE-2021-39937 | Medium | Yes | Privilege escalation | A collision in access memoization logic in all versions of GitLab before version 14.5.2 leads to potential elevated privileges in groups and projects under... |
| CVE-2021-39936 | Low | Yes | Access restriction bypass | Improper access control in GitLab before version 14.5.2 allows an attacker in possession of a deploy token to access a project's disabled wiki. |
| CVE-2021-39935 | Medium | Yes | Access restriction bypass | An issue has been discovered in GitLab before version 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API. |
| CVE-2021-39934 | Medium | Yes | Information disclosure | Improper access control allows any project member to retrieve the service desk email address in GitLab before version 14.5.2. |
| CVE-2021-39933 | Medium | Yes | Denial of service | An issue has been discovered in GitLab before version 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to... |
| CVE-2021-39932 | Medium | Yes | Denial of service | An issue has been discovered in GitLab before version 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users... |
| CVE-2021-39931 | Low | Yes | Access restriction bypass | An issue has been discovered in GitLab before version 14.5.2. Under specific conditions an unauthorised project member was allowed to delete a protected... |
| CVE-2021-39919 | Medium | No | Information disclosure | In all versions of GitLab before version 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure. |
| CVE-2021-39917 | Medium | Yes | Denial of service | An issue has been discovered in GitLab before version 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic... |
| CVE-2021-39915 | Medium | Yes | Information disclosure | Improper access control in the GraphQL API in GitLab before version 14.5.2 allows an attacker to see the names of project access tokens on arbitrary projects. |
| CVE-2021-39910 | Low | Yes | Content spoofing | An issue has been discovered in GitLab before version 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. |