|
199701
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22177
|
2024-11-21 14:49 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199702
|
6.5 |
MEDIUM
Network
|
vmware
|
cloud_foundation
vrealize_suite_lifecycle_manager
vrealize_operations_manager
|
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager A…
|
NVD-CWE-noinfo
|
CVE-2021-21983
|
2024-11-21 14:49 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199703
|
7.5 |
HIGH
Network
|
vmware
|
cloud_foundation
vrealize_suite_lifecycle_manager
vrealize_operations_manager
|
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Serve…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-21975
|
2024-11-21 14:49 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199704
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
In all versions of GitLab, marshalled session keys were being stored in Redis.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-22194
|
2024-11-21 14:49 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199705
|
5.5 |
MEDIUM
Local
|
gitlab
|
gitlab
|
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-22184
|
2024-11-21 14:49 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199706
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2021-22180
|
2024-11-21 14:49 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199707
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
|
CWE-200
Information Exposure
|
CVE-2021-22172
|
2024-11-21 14:49 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199708
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-22169
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199709
|
3.5 |
LOW
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-22193
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199710
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
|
NVD-CWE-noinfo
|
CVE-2021-22192
|
2024-11-21 14:49 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
