GitLab 14.3.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*
part: a version: 14.3.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.272833 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-39900 |
vulnerable | 2026-06-03 14:45:09.840012 |
Details available
LOW (2)
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Published: 2021-10-04T16:45:45.000Z
Updated: 2024-08-04T02:20:33.699Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39898 |
vulnerable | 2026-06-03 14:45:09.839169 |
Details available
LOW (3.7)
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Published: 2021-11-04T23:21:32.000Z
Updated: 2024-08-04T02:20:33.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39895 |
vulnerable | 2026-06-03 14:45:09.834121 |
Details available
MEDIUM (6)
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
Published: 2021-11-04T23:11:51.000Z
Updated: 2024-08-04T02:20:33.884Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39894 |
vulnerable | 2026-06-03 14:45:09.833691 |
Details available
MEDIUM (5.4)
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
Published: 2021-10-05T12:33:05.000Z
Updated: 2024-08-04T02:20:33.670Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39892 |
vulnerable | 2026-06-03 14:45:09.832884 |
Details available
MEDIUM (4.3)
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Published: 2022-01-18T16:52:13.000Z
Updated: 2024-08-04T02:20:33.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39890 |
vulnerable | 2026-06-03 14:45:09.830514 |
Details available
LOW (3.1)
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Published: 2021-12-06T17:34:34.000Z
Updated: 2024-08-04T02:20:33.754Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.