CVE-2021-39868: HackerOne
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
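The bug class behind this advisory is mass assignment through an import path: an export file is a user-controlled document, and any attribute copied from it without an allowlist becomes attacker-controlled. The following Ruby is an added illustration, not GitLab's code and not taken from the advisory; the field names (`repository_size_limit`, the export JSON layout) and the instance default are hypothetical stand-ins chosen to show the pattern and its fix.

```ruby
require 'json'

# Constructed sample standing in for the project metadata inside an export
# archive. A low-privileged user has added a field they should never control.
# The schema and field names here are hypothetical, not GitLab's.
TAMPERED_EXPORT = JSON.generate(
  "name" => "demo",
  "path" => "demo",
  "description" => "innocent looking project",
  "visibility_level" => 0,
  "repository_size_limit" => 0 # 0 meaning "unlimited" in this toy model
)

# Minimal stand-in for a project record; only the attributes that matter here.
Project = Struct.new(:name, :path, :description, :visibility_level,
                     :repository_size_limit, keyword_init: true)

# Instance-wide default a normal import must inherit (hypothetical, in bytes).
INSTANCE_DEFAULT_SIZE_LIMIT = 10 * 1024 * 1024 * 1024

# Vulnerable pattern: every key in the export is trusted and mass-assigned,
# so the tampered limit lands on the new project unchanged.
def import_project_unsafe(json)
  attrs = JSON.parse(json)
  Project.new(**attrs.transform_keys(&:to_sym))
end

# Hardened pattern: only an explicit allowlist of user-controllable attributes
# is copied from the file; privileged settings always come from the instance.
IMPORTABLE_ATTRIBUTES = %w[name path description visibility_level].freeze

def import_project_safe(json, size_limit: INSTANCE_DEFAULT_SIZE_LIMIT)
  attrs = JSON.parse(json)
  rejected = attrs.keys - IMPORTABLE_ATTRIBUTES # worth logging during an import
  safe = attrs.slice(*IMPORTABLE_ATTRIBUTES).transform_keys(&:to_sym)
  project = Project.new(**safe, repository_size_limit: size_limit)
  [project, rejected]
end

# Check a practitioner can run over already-imported projects: a limit the
# instance never grants is the fingerprint of a tampered import.
def limit_tampered?(project, instance_limit = INSTANCE_DEFAULT_SIZE_LIMIT)
  project.repository_size_limit != instance_limit
end

if __FILE__ == $PROGRAM_NAME
  unsafe = import_project_unsafe(TAMPERED_EXPORT)
  puts "unsafe import limit: #{unsafe.repository_size_limit} (tampered? #{limit_tampered?(unsafe)})"
  safe, rejected = import_project_safe(TAMPERED_EXPORT)
  puts "safe import limit:   #{safe.repository_size_limit}, dropped keys: #{rejected.inspect}"
end
```

The fix is the allowlist plus the rule that quota-style attributes are never read from the file at all; the `rejected` list exists so that an import of a file carrying unexpected keys can be logged and reviewed rather than silently accepted.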
Related news
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.
The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses.
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.