Exposure of GitLab

Development, Issue trackers
Exposure score: 331
Sites use: 761
Exploited: 4
Critical: 24

CVEs

1,068 results
| CVE | Severity | EPSS | Description (as truncated on the page) |
| --- | --- | --- | --- |
| CVE-2020-13324 | MEDIUM | 1.0% | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed vi |
| CVE-2021-39877 | HIGH | 1.0% | A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with |
| CVE-2020-13307 | LOW | 1.0% | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 fa |
| CVE-2023-0756 | MEDIUM | 1.0% | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions s |
| CVE-2021-39888 | MEDIUM | 1.0% | In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting fro |
| CVE-2021-22244 | LOW | 1.0% | Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulne |
| CVE-2021-22182 | LOW | 1.0% | An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. |
| CVE-2021-22200 | MEDIUM | 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access |
| CVE-2020-26412 | LOW | 1.0% | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 1 |
| CVE-2021-22176 | MEDIUM | 1.0% | An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to |
| CVE-2021-22168 | MEDIUM | 1.0% | A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. |
| CVE-2021-22231 | LOW | 1.0% | A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile pa |
| CVE-2021-22234 | CRITICAL | 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 bef |
| CVE-2020-13292 | CRITICAL | 1.0% | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. |
| CVE-2022-2455 | MEDIUM | 1.0% | A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting |
| CVE-2021-22259 | MEDIUM | 1.0% | A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. |
| CVE-2021-22241 | HIGH | 1.0% | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scrip |
| CVE-2021-22193 | LOW | 1.0% | An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of |
| CVE-2023-6159 | MEDIUM | 1.0% | Inefficient Regular Expression Complexity in GitLab |
| CVE-2022-1120 | MEDIUM | 1.0% | Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 |
