CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39927
https://notcve.org/view.php?id=CVE-2021-39927
18 Jan 2022 — Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 Las protecciones contra la falsificación de solicitudes del lado del servidor en las versiones de GitLab CE/EE entre 8.4 y 14.4.4, entre 14.5.0 y 14.5.2, y entre 14.6.0 y 14.6.1 fallaban en la protección contra los at... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39927.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39935
https://notcve.org/view.php?id=CVE-2021-39935
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 10.5 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14.5 anteriores a 14.5.2. Los... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39932
https://notcve.org/view.php?id=CVE-2021-39932
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 11.0 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39932.json • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39938
https://notcve.org/view.php?id=CVE-2021-39938
13 Dec 2021 — A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands Un patrón de expresión regular vulnerable en GitLab CE/EE desde la versión 8.15 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39938.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39937
https://notcve.org/view.php?id=CVE-2021-39937
13 Dec 2021 — A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances Una colisión en la lógica de memorización de acceso en todas las versiones de GitLab CE/EE anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14.5 anteriores a 14.5.2, conlleva a poten... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39937.json • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39936
https://notcve.org/view.php?id=CVE-2021-39936
13 Dec 2021 — Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. Un control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones a partir de 10.7 anteriores a 14.3.6, a todas las versiones a partir de 14.4 anteriores a 14.4.4, a todas las versiones a partir de 14.5 anteriores a 14... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39936.json • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39931
https://notcve.org/view.php?id=CVE-2021-39931
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 8.11 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39931.json •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39945
https://notcve.org/view.php?id=CVE-2021-39945
13 Dec 2021 — Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked Un control de acceso inapropiado en la API de GitLab CE/EE afectando a todas las versiones a partir de 9.4 anteriores a 14.3.6, a todas las versiones a partir de 14.4 anteriores a 14.4.4, a todas las ve... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39945.json • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39944
https://notcve.org/view.php?id=CVE-2021-39944
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 11.0 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, tod... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39944.json • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39918
https://notcve.org/view.php?id=CVE-2021-39918
13 Dec 2021 — Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. Una Autorización Incorrecta en GitLab EE afectando a todas las versiones a partir de 11.1 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14.5 anteriores a 14.5.2, permite a un usuario a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39918.json • CWE-863: Incorrect Authorization •