An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members
Max CVSS: 5.3 | EPSS Score: 0.07% | Published: 2021-12-13 | Updated: 2021-12-15
In all versions of GitLab CE/EE starting from version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2021-12-13 | Updated: 2021-12-16
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
Max CVSS: 4.3 | EPSS Score: 0.07% | Published: 2021-11-05 | Updated: 2021-11-08
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Max CVSS: 4.0 | EPSS Score: 0.05% | Published: 2021-10-04 | Updated: 2022-07-12
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Max CVSS: 5.3 | EPSS Score: 0.09% | Published: 2021-11-05 | Updated: 2022-07-12
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
Max CVSS: 6.0 | EPSS Score: 0.11% | Published: 2021-11-05 | Updated: 2021-11-08
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
Max CVSS: 4.3 | EPSS Score: 0.06% | Published: 2021-07-07 | Updated: 2022-07-12
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2021-06-08 | Updated: 2022-07-12
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2021-03-26 | Updated: 2022-07-12
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
Max CVSS: 4.3 | EPSS Score: 0.08% | Published: 2021-03-26 | Updated: 2022-05-03
10 vulnerabilities found