GitLab Security Vulnerabilities

CVE-2020-11649
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVSS 6.5 | AI Score 6.2 | EPSS 0.001 | Published 2020-04-22 08:15 PM

CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | Published 2020-04-29 05:15 PM

CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVSS 4.8 | AI Score 4.6 | EPSS 0.001 | Published 2020-04-29 05:15 PM

CVE-2020-12277
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
CVSS 5.3 | AI Score 5 | EPSS 0.001 | Published 2020-04-29 05:15 PM

CVE-2020-12448
GitLab EE 12.8 and later allows exposure of sensitive information to an unauthorized actor via NuGet.
CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | Published 2020-05-07 05:15 PM

CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via the HTML source code.
CVSS 5.3 | AI Score 3.6 | EPSS 0.001 | Published 2020-06-19 11:15 PM

CVE-2020-13262
Client-side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to issue PUT requests on behalf of other users when they click a link.
CVSS 6.1 | AI Score 6.1 | EPSS 0.002 | Published 2020-06-19 10:15 PM

CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate a maintainer to perform limited actions.
CVSS 8.8 | AI Score 8.2 | EPSS 0.002 | Published 2020-06-19 11:15 PM

CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token.
CVSS 5.3 | AI Score 4.8 | EPSS 0.002 | Published 2020-06-19 11:15 PM

CVE-2020-13265
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.
CVSS 5.3 | AI Score 4.9 | EPSS 0.001 | Published 2020-06-19 10:15 PM

CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions.
CVSS 4.3 | AI Score 4.3 | EPSS 0.001 | Published 2020-06-09 04:15 PM

CVE-2020-13267
A stored cross-site scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.
CVSS 6.1 | AI Score 5.7 | EPSS 0.003 | Published 2020-06-10 03:15 PM

CVE-2020-13268
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1.
CVSS 5.3 | AI Score 5.1 | EPSS 0.002 | Published 2020-06-10 03:15 PM

CVE-2020-13269
A reflected cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1.
CVSS 6.1 | AI Score 6 | EPSS 0.003 | Published 2020-06-10 03:15 PM

CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via the API.
CVSS 8.8 | AI Score 8.2 | EPSS 0.002 | Published 2020-06-10 03:15 PM

CVE-2020-13271
A stored cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.
CVSS 6.1 | AI Score 5.9 | EPSS 0.003 | Published 2020-06-10 03:15 PM

CVE-2020-13272
Missing verification checks in the OAuth flow in GitLab CE/EE 12.3 and later through 13.0.1 allow an unverified user to use the OAuth authorization code flow.
CVSS 8.8 | AI Score 8.6 | EPSS 0.002 | Published 2020-06-19 10:15 PM

CVE-2020-13273
A denial of service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1.
CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | Published 2020-06-19 10:15 PM

CVE-2020-13274
A security issue allowed denial of service through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1.
CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | Published 2020-06-19 10:15 PM

CVE-2020-13275
A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1.
CVSS 8.1 | AI Score 7.6 | EPSS 0.001 | Published 2020-06-19 10:15 PM

CVE-2020-13276
A user was allowed to set an email address as a notification email without verifying the new address in all previous GitLab CE/EE versions through 13.0.1.
CVSS 7.4 | AI Score 4.2 | EPSS 0.001 | Published 2020-06-19 10:15 PM

CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5.
CVSS 6.5 | AI Score 5.9 | EPSS 0.001 | Published 2020-06-19 06:15 PM

CVE-2020-13280
For GitLab before 13.0.12, 13.1.6, 13.2.3, a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | Published 2020-08-13 01:15 PM

CVE-2020-13281
For GitLab before 13.0.12, 13.1.6, 13.2.3, a denial of service exists in the project import feature.
CVSS 6.5 | AI Score 6.2 | EPSS 0.001 | Published 2020-08-13 02:15 PM

CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3, after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access.
CVSS 3.5 | AI Score 3.7 | EPSS 0.001 | Published 2020-08-13 01:15 PM

CVE-2020-13283
For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting vulnerability exists in the issues list via the milestone title.
CVSS 7.3 | AI Score 5 | EPSS 0.001 | Published 2020-08-13 01:15 PM

CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4: API authorization using an outdated CI job token.
CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | Published 2020-09-14 07:15 PM

CVE-2020-13285
For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
CVSS 7.3 | AI Score 5 | EPSS 0.001 | Published 2020-08-13 01:15 PM

CVE-2020-13286
For GitLab before 13.0.12, 13.1.6, 13.2.3, user-controlled git configuration settings can be modified to result in server-side request forgery.
CVSS 6.4 | AI Score 4.3 | EPSS 0.001 | Published 2020-08-13 02:15 PM

CVE-2020-13287
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see a confidential epic attached to confidential issues.
CVSS 4.3 | AI Score 4.5 | EPSS 0.001 | Published 2020-09-14 07:15 PM

CVE-2020-13288
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page.
CVSS 5.5 | AI Score 4.5 | EPSS 0.001 | Published 2020-08-12 03:15 PM

CVE-2020-13289
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | Published 2020-09-14 07:15 PM

CVE-2020-13290
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page.
CVSS 7.5 | AI Score 6.8 | EPSS 0.002 | Published 2020-08-12 03:15 PM

CVE-2020-13291
In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.
CVSS 8.1 | AI Score 7.8 | EPSS 0.001 | Published 2020-08-12 03:15 PM

CVE-2020-13292
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass the e-mail verification that is required for the OAuth flow.
CVSS 9.6 | AI Score 9.1 | EPSS 0.001 | Published 2020-08-10 02:15 PM

CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash.
CVSS 7.1 | AI Score 6.6 | EPSS 0.001 | Published 2020-08-10 02:15 PM

CVE-2020-13294
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | Published 2020-08-10 02:15 PM

CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6: improper access control for deploy tokens.
CVSS 8.8 | AI Score 8.4 | EPSS 0.002 | Published 2020-09-30 06:15 PM

CVE-2020-13297
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.
CVSS 5.4 | AI Score 5.5 | EPSS 0.001 | Published 2020-09-14 10:15 PM

CVE-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure.
CVSS 7.2 | AI Score 5.5 | EPSS 0.001 | Published 2020-09-14 10:15 PM

CVE-2020-13299
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens, and a token that survived revocation could be reused to obtain a valid session.
CVSS 8.1 | AI Score 7.5 | EPSS 0.001 | Published 2020-09-14 07:15 PM

CVE-2020-13300
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
CVSS 10 | AI Score 9.1 | EPSS 0.002 | Published 2020-09-14 07:15 PM

CVE-2020-13301
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
CVSS 5.5 | AI Score 4.7 | EPSS 0.001 | Published 2020-09-14 10:15 PM

CVE-2020-13302
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
CVSS 7.2 | AI Score 6.5 | EPSS 0.002 | Published 2020-09-14 10:15 PM

CVE-2020-13303
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.
CVSS 7.1 | AI Score 6.2 | EPSS 0.001 | Published 2020-09-15 01:15 PM

CVE-2020-13304
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same two-factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions.
CVSS 7.2 | AI Score 6.8 | EPSS 0.002 | Published 2020-09-14 10:15 PM

CVE-2020-13305
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating the project invitation link upon removing a user from a project.
CVSS 4.3 | AI Score 4.5 | EPSS 0.001 | Published 2020-09-14 10:15 PM

CVE-2020-13306
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab webhook feature could be abused to perform denial of service attacks due to the lack of rate limiting.
CVSS 7.5 | AI Score 7.1 | EPSS 0.002 | Published 2020-09-14 10:15 PM

CVE-2020-13307
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when two-factor authentication was activated, allowing a malicious user to maintain their access.
CVSS 4.7 | AI Score 4.7 | EPSS 0.001 | Published 2020-09-15 01:15 PM

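Several entries above (CVE-2020-13294, CVE-2020-13299, CVE-2020-13302 and CVE-2020-13307) describe the same failure shape: a session or grant that outlives the credential change or revocation that should have ended it, usually because only the current session was touched. The pattern below is an added example of one control for that, a per-user credential generation stamped into every session, and is not GitLab's implementation; the user, token and helper names are constructed for the example.

```python
"""Credential-generation session invalidation.

Added example, not GitLab's code. Each session records the credential
generation it was issued under; a password change, 2FA activation or an
explicit "sign out everywhere" bumps the user's generation, so every older
session stops validating, not only the one that performed the change.
Users, tokens and names below are constructed for the example.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class User:
    name: str
    password_hash: str              # stand-in for a salted password hash
    credential_generation: int = 0  # bumped on every credential change
    two_factor_enabled: bool = False


@dataclass
class SessionStore:
    users: Dict[str, User] = field(default_factory=dict)
    # token -> (username, generation the session was issued under)
    sessions: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def login(self, username: str) -> str:
        user = self.users[username]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, user.credential_generation)
        return token

    def is_valid(self, token: str) -> bool:
        entry = self.sessions.get(token)
        if entry is None:
            return False
        username, issued_under = entry
        # A session issued under an older generation is rejected even though
        # its token was never individually deleted from the store.
        return issued_under == self.users[username].credential_generation

    def _rotate(self, username: str, keep_token: Optional[str]) -> None:
        user = self.users[username]
        user.credential_generation += 1
        # Optionally carry forward only the session that made the change.
        if keep_token and self.sessions.get(keep_token, ("", 0))[0] == username:
            self.sessions[keep_token] = (username, user.credential_generation)

    def change_password(self, username: str, new_hash: str,
                        keep_token: Optional[str] = None) -> None:
        self.users[username].password_hash = new_hash
        self._rotate(username, keep_token)

    def enable_two_factor(self, username: str,
                          keep_token: Optional[str] = None) -> None:
        self.users[username].two_factor_enabled = True
        self._rotate(username, keep_token)

    def revoke_all_sessions(self, username: str) -> int:
        """Explicit 'sign out everywhere'; returns how many live sessions were cut off."""
        live = sum(1 for t, (u, _) in self.sessions.items()
                   if u == username and self.is_valid(t))
        self._rotate(username, None)
        return live


def scenario() -> Dict[str, bool]:
    """Two sessions for alice; one belongs to whoever knew the old password."""
    store = SessionStore(users={"alice": User("alice", "hash-v1")})
    stale = store.login("alice")
    own = store.login("alice")
    store.change_password("alice", "hash-v2", keep_token=own)
    stale_after, own_after = store.is_valid(stale), store.is_valid(own)
    store.enable_two_factor("alice")  # no keep_token: every session is signed out
    return {
        "stale_after_password_change": stale_after,
        "own_after_password_change": own_after,
        "own_after_2fa_enable": store.is_valid(own),
    }


if __name__ == "__main__":
    print(scenario())
```

The generation check runs on every request, so revocation does not depend on enumerating and deleting tokens, which is exactly the step that goes wrong when a token is cached elsewhere or was issued through a different path. Whether the session that performed the change is kept is a product decision; the safe default when 2FA is activated is to keep none.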
CVE-2020-13308
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without two-factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had two-factor authentication inheritance.
CVSS 2.7 | AI Score 3.8 | EPSS 0.001 | Published 2020-09-15 01:15 PM

Total number of security vulnerabilities: 984
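The affected-version wording on this page varies between entries ("before 13.0.12, 13.1.6, 13.2.3", "12.6 and later through 13.0.1", "all previous versions through 13.0.1", ">=10.7 <13.0.14, ...", "13.3 prior to 13.3.4"), and the branch semantics of "before X, Y, Z" are easy to misread when checking an instance. The following is an added example, not code from GitLab or from this database, that parses those phrasings into version ranges and reports which of a selection of the entries above cover a given instance version. The range strings are copied from the listing; the instance versions are constructed; reading "through 12.9" as the whole 12.9.x line and an open-ended "and later" as unbounded are assumptions, so confirm against the vendor advisory before acting on a result.

```python
"""Affected-version check for the GitLab entries listed above.

Added example, not GitLab's or the database's own code. The range phrases in
ENTRIES are copied from the listing; the instance versions tested are
constructed sample input. Interpretation assumptions are marked in comments.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]
VER = r"\d+(?:\.\d+){0,2}"


def parse_version(s: str) -> Version:
    """'13.0.12' -> (13, 0, 12); short forms are zero-padded: '12.6' -> (12, 6, 0)."""
    parts = [int(p) for p in s.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


class Range:
    """Interval of versions; a None bound is unbounded on that side."""

    def __init__(self, low: Optional[Version], high: Optional[Version], high_inclusive: bool):
        self.low, self.high, self.high_inclusive = low, high, high_inclusive

    def contains(self, v: Version) -> bool:
        if self.low is not None and v < self.low:
            return False
        if self.high is None:
            return True
        return v <= self.high if self.high_inclusive else v < self.high


def _through_bound(raw: str) -> Tuple[Version, bool]:
    """Assumption: 'through 12.9' covers all of 12.9.x; 'through 13.0.1' is exact."""
    parts = raw.split(".")
    if len(parts) == 2:
        return (int(parts[0]), int(parts[1]) + 1, 0), False
    return parse_version(raw), True


def parse_affected(text: str) -> List[Range]:
    """Translate one entry's affected-version wording into version ranges."""
    explicit = re.findall(rf">=\s*({VER})\s*<\s*({VER})", text)
    if explicit:
        return [Range(parse_version(lo), parse_version(hi), False) for lo, hi in explicit]

    m = re.search(rf"({VER})\s+prior to\s+({VER})", text)
    if m:
        return [Range(parse_version(m.group(1)), parse_version(m.group(2)), False)]

    m = re.search(rf"\bbefore\s+((?:{VER}(?:,?\s+and\s+|,\s*)?)+)", text)
    if m:
        fixed = [parse_version(v) for v in re.findall(VER, m.group(1))]
        # Everything older than the earliest fix, plus each later release
        # branch below its own fix (e.g. 13.1.0 up to but excluding 13.1.6).
        ranges = [Range(None, fixed[0], False)]
        ranges += [Range((f[0], f[1], 0), f, False) for f in fixed[1:]]
        return ranges

    m = re.search(rf"({VER})\s+(?:and later\s+)?through\s+({VER})", text)
    if m:
        high, inclusive = _through_bound(m.group(2))
        return [Range(parse_version(m.group(1)), high, inclusive)]

    m = re.search(rf"all previous\b.*?\bthrough\s+({VER})", text)
    if m:
        high, inclusive = _through_bound(m.group(1))
        return [Range(None, high, inclusive)]

    m = re.search(rf"({VER})\s+and later\b", text)
    if m:  # open-ended wording: treated as unbounded until the advisory says otherwise
        return [Range(parse_version(m.group(1)), None, False)]

    raise ValueError(f"unrecognised affected-version wording: {text!r}")


def is_affected(instance_version: str, affected_text: str) -> bool:
    v = parse_version(instance_version)
    return any(r.contains(v) for r in parse_affected(affected_text))


# Wording copied from the entries above (a subset chosen to cover each phrasing).
ENTRIES = {
    "CVE-2020-11649": "GitLab CE and EE 8.15 through 12.9.2",
    "CVE-2020-12275": "GitLab 12.6 through 12.9",
    "CVE-2020-13271": "all previous GitLab CE/EE versions through 13.0.1",
    "CVE-2020-13277": "GitLab CE/EE 10.6 and later through 13.0.5",
    "CVE-2020-13280": "GitLab before 13.0.12, 13.1.6, 13.2.3",
    "CVE-2020-13284": "GitLab versions before 13.1.10, 13.2.8 and 13.3.4",
    "CVE-2020-13296": ">=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6",
    "CVE-2020-13300": "GitLab CE/EE version 13.3 prior to 13.3.4",
}


def affected_cves(instance_version: str) -> List[str]:
    """CVE IDs from ENTRIES whose affected range covers the given version."""
    return [cve for cve, text in ENTRIES.items() if is_affected(instance_version, text)]


if __name__ == "__main__":
    for v in ("12.9.2", "13.0.12", "13.2.5", "13.3.3", "13.3.4"):  # constructed samples
        print(v, affected_cves(v))
```

A version such as 13.0.12 is past the first fix in "before 13.0.12, 13.1.6, 13.2.3" yet still inside "before 13.1.10, 13.2.8 and 13.3.4" and ">=10.7 <13.0.14", which is the kind of branch-by-branch comparison that is easy to get wrong by hand.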