CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39927
https://notcve.org/view.php?id=CVE-2021-39927
18 Jan 2022 — Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 Las protecciones contra la falsificación de solicitudes del lado del servidor en las versiones de GitLab CE/EE entre 8.4 y 14.4.4, entre 14.5.0 y 14.5.2, y entre 14.6.0 y 14.6.1 fallaban en la protección contra los at... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39927.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0172
https://notcve.org/view.php?id=CVE-2022-0172
18 Jan 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.3. Bajo determinadas condiciones era posible omitir la restricción de IP para proyectos públicos mediante GraphQL permitiendo a usuarios n... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0172.json •