|
197731
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthen…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22175
|
2024-11-21 14:49 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197732
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
|
CWE-79
Cross-site Scripting
|
CVE-2021-22220
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197733
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge requ…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22216
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197734
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2…
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-22221
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197735
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obta…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-22219
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197736
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or me…
|
NVD-CWE-Other
|
CVE-2021-22217
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197737
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Saf…
|
NVD-CWE-Other
|
CVE-2021-22213
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197738
|
2.6 |
LOW
Network
|
gitlab
|
gitlab
|
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the h…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-22218
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197739
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
|
NVD-CWE-noinfo
|
CVE-2021-22215
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197740
|
8.6 |
HIGH
Network
|
gitlab
|
gitlab
|
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an un…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-22214
|
2024-11-21 14:49 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
