Log

CVE-2021-22216 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/329890
CVE-2021-22215 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/328668
CVE-2021-22214 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/322926
+ https://hackerone.com/reports/1110131
CVE-2021-22213 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/300308
+ https://hackerone.com/reports/1089277
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22215 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22220 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22214 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22217 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22216 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22221 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes