Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
CVSS Score
4.3
EPSS Score
0.008
Published
2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.
CVSS Score
3.1
EPSS Score
0.006
Published
2021-05-06
CVE-2021-22205
Known exploited
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
CVSS Score
10.0
EPSS Score
0.997
Published
2021-04-23
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.
CVSS Score
3.5
EPSS Score
0.008
Published
2021-04-22
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVSS Score
8.5
EPSS Score
0.013
Published
2021-04-12
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVSS Score
2.4
EPSS Score
0.005
Published
2021-04-02
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-04-02
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
CVSS Score
6.3
EPSS Score
0.009
Published
2021-04-02
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
CVSS Score
3.5
EPSS Score
0.008
Published
2021-04-02
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
CVSS Score
4.3
EPSS Score
0.011
Published
2021-04-02


Contact Us

Shodan ® - All rights reserved