Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method.

CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in a specific project page allow an attacker to have temporary read access to the private repository.

CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.

CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link.

CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.