CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39930
https://notcve.org/view.php?id=CVE-2021-39930
13 Dec 2021 — Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates Una falta de autorización en GitLab EE versiones entre la 12.4 y la 14.3.6, entre la 14.4.0 y la 14.4.4, y entre la 14.5.0 y la 14.5.2, permitía a un atacante acceder a las plantillas personalizadas de proyectos y grupos de un usuario • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39930.json • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39941
https://notcve.org/view.php?id=CVE-2021-39941
13 Dec 2021 — An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members Una vulnerabilidad de divulgación de información en GitLab CE/EE versiones 12.0 a 14.3.6, 14.4 a 14.4.4 y 14.5 a 14.5.2, permitía a los no miembros del proyecto visualizar el nombre de la rama por defecto de los proyectos que restringen el acceso al repositorio a lo... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39941.json • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39935
https://notcve.org/view.php?id=CVE-2021-39935
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 10.5 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14.5 anteriores a 14.5.2. Los... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39932
https://notcve.org/view.php?id=CVE-2021-39932
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 11.0 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39932.json • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39938
https://notcve.org/view.php?id=CVE-2021-39938
13 Dec 2021 — A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands Un patrón de expresión regular vulnerable en GitLab CE/EE desde la versión 8.15 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39938.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39937
https://notcve.org/view.php?id=CVE-2021-39937
13 Dec 2021 — A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances Una colisión en la lógica de memorización de acceso en todas las versiones de GitLab CE/EE anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las versiones a partir de 14.5 anteriores a 14.5.2, conlleva a poten... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39937.json • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39936
https://notcve.org/view.php?id=CVE-2021-39936
13 Dec 2021 — Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. Un control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones a partir de 10.7 anteriores a 14.3.6, a todas las versiones a partir de 14.4 anteriores a 14.4.4, a todas las versiones a partir de 14.5 anteriores a 14... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39936.json • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39931
https://notcve.org/view.php?id=CVE-2021-39931
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 8.11 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39931.json •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39945
https://notcve.org/view.php?id=CVE-2021-39945
13 Dec 2021 — Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked Un control de acceso inapropiado en la API de GitLab CE/EE afectando a todas las versiones a partir de 9.4 anteriores a 14.3.6, a todas las versiones a partir de 14.4 anteriores a 14.4.4, a todas las ve... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39945.json • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39944
https://notcve.org/view.php?id=CVE-2021-39944
13 Dec 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 11.0 anteriores a 14.3.6, todas las versiones a partir de 14.4 anteriores a 14.4.4, tod... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39944.json • CWE-269: Improper Privilege Management •