GitLab 14.3.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*
part: a version: 14.3.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.272835 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-39900 |
vulnerable | 2026-06-03 14:45:09.840028 |
Details available
LOW (2)
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Published: 2021-10-04T16:45:45.000Z
Updated: 2024-08-04T02:20:33.699Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39898 |
vulnerable | 2026-06-03 14:45:09.839186 |
Details available
LOW (3.7)
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Published: 2021-11-04T23:21:32.000Z
Updated: 2024-08-04T02:20:33.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39895 |
vulnerable | 2026-06-03 14:45:09.834139 |
Details available
MEDIUM (6)
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
Published: 2021-11-04T23:11:51.000Z
Updated: 2024-08-04T02:20:33.884Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39894 |
vulnerable | 2026-06-03 14:45:09.833707 |
Details available
MEDIUM (5.4)
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
Published: 2021-10-05T12:33:05.000Z
Updated: 2024-08-04T02:20:33.670Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39892 |
vulnerable | 2026-06-03 14:45:09.832901 |
Details available
MEDIUM (4.3)
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Published: 2022-01-18T16:52:13.000Z
Updated: 2024-08-04T02:20:33.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39890 |
vulnerable | 2026-06-03 14:45:09.830565 |
Details available
LOW (3.1)
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Published: 2021-12-06T17:34:34.000Z
Updated: 2024-08-04T02:20:33.754Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39888 |
vulnerable | 2026-06-03 14:45:09.827611 |
Details available
MEDIUM (4.3)
In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.
Published: 2021-10-05T12:20:58.000Z
Updated: 2024-08-04T02:20:33.655Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39885 |
vulnerable | 2026-06-03 14:45:09.826450 |
Details available
HIGH (8.7)
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
Published: 2021-10-04T16:33:54.000Z
Updated: 2024-08-04T02:20:33.578Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39883 |
vulnerable | 2026-06-03 14:45:09.825502 |
Details available
MEDIUM (4.3)
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.
Published: 2021-10-04T16:49:32.000Z
Updated: 2024-08-04T02:20:33.672Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.