Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-22258: 2021/CVE-2021-22258.json · master · GitLab.org / cves · GitLab

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses

CVE

Related news

CVE-2021-39904: 2021/CVE-2021-39904.json · master · GitLab.org / cves · GitLab

An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

CVE-2021-39866: 2021/CVE-2021-39866.json · master · GitLab.org / cves · GitLab

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.

CVE-2021-39872: 2021/CVE-2021-39872.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.

CVE-2021-39871: 2021/CVE-2021-39871.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.

CVE-2021-39868: HackerOne

In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907