
CVE-2021-39872: 2021/CVE-2021-39872.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before password expiration.

Related news

CVE-2021-39904: 2021/CVE-2021-39904.json · master · GitLab.org / cves · GitLab

An improper access control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request.

CVE-2021-22258: 2021/CVE-2021-22258.json · master · GitLab.org / cves · GitLab

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses.

CVE-2021-39866: 2021/CVE-2021-39866.json · master · GitLab.org / cves · GitLab

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.

CVE-2021-39871: 2021/CVE-2021-39871.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 13.0, on an instance where the setting to disable Bitbucket Server import is enabled, an attacker can bypass that setting by making a crafted API call.

CVE-2021-39868: HackerOne

In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
