CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22226
https://notcve.org/view.php?id=CVE-2021-22226
06 Jul 2021 — Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 Bajo determinadas condiciones, algunos usuarios eran capaces de empujar a ramas protegidas que estaban restringidas a claves de despliegue en GitLab CE/EE desde la versión 13.9 • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22226.json •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22232
https://notcve.org/view.php?id=CVE-2021-22232
06 Jul 2021 — HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE Una inyección de HTML era posible por medio del campo full name en versiones anteriores a 13.11.6, 13.12.6 y 14.0.2 en GitLab CE • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22232.json • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22229
https://notcve.org/view.php?id=CVE-2021-22229
06 Jul 2021 — An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la versión 12.8. Bajo una condición especial era posible acceder a los datos de un repositorio interno por medio del fork del proyecto realizado por un miembro del proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22229.json •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-32823 – Potential Denial-of-Service in bindata
https://notcve.org/view.php?id=CVE-2021-32823
23 Jun 2021 — In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. • https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22181
https://notcve.org/view.php?id=CVE-2021-22181
11 Jun 2021 — A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. Una vulnerabilidad de denegación de servicio en GitLab CE/EE que afecta a todas las versiones desde 11.8, permite a un atacante crear una relación de pipeline recursiva y agotar los recursos • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22181.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22175
https://notcve.org/view.php?id=CVE-2021-22175
11 Jun 2021 — When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled Cuando se habilitan las peticiones a la red interna para los webhooks, una vulnerabilidad de tipo server-side request forgery en GitLab que afecta a todas las versiones desde 10.5, era posible explotar por un atacante no autenticado inclus... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22216
https://notcve.org/view.php?id=CVE-2021-22216
08 Jun 2021 — A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description Una vulnerabilidad de denegación de servicio en GitLab CE/EE todas las versiones anteriores a 13.12.2, 13.11.5 o 13.10.5, permite a un atacante causar un consumo no controlado de recursos con una descripción de petición de emisión o fusión muy larga • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22216.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22220
https://notcve.org/view.php?id=CVE-2021-22220
08 Jun 2021 — An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la versión 13.10. GitLab era vulnerable a un ataque de tipo XSS almacenado en el visualizador de blob de cuadernos • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22220.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22221
https://notcve.org/view.php?id=CVE-2021-22221
08 Jun 2021 — An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la versión 12.9.0 versiones anteriores a 13.10.5, a todas las versiones a partir de la versión 13.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22221.json • CWE-613: Insufficient Session Expiration •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22219
https://notcve.org/view.php?id=CVE-2021-22219
08 Jun 2021 — All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. Todas las versiones de GitLab CE/EE a partir de la 9.5 antes de la 13.10.5, todas las versiones a partir de la 13.11 antes de la 13.11.5 y todas las versiones a partir de la 13.12 antes de la 1... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22219.json • CWE-532: Insertion of Sensitive Information into Log File •