GitLab 14.4.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:enterprise:*:*:*
part: a version: 14.4.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.277867 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-39914 |
vulnerable | 2026-06-03 14:45:09.851487 |
Details available
LOW (3.1)
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
Published: 2021-11-04T22:39:17.000Z
Updated: 2024-08-04T02:20:33.786Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39909 |
vulnerable | 2026-06-03 14:45:09.849465 |
Details available
MEDIUM (5.3)
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances
Published: 2021-11-04T23:03:27.000Z
Updated: 2024-08-04T02:20:33.725Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39908 |
vulnerable | 2026-06-03 14:45:09.849052 |
Details available
MEDIUM (6.5)
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
Published: 2022-04-01T22:17:38.000Z
Updated: 2024-08-04T02:20:33.693Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39903 |
vulnerable | 2026-06-03 14:45:09.844344 |
Details available
MEDIUM (6.5)
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
Published: 2021-11-04T22:42:01.000Z
Updated: 2024-08-04T02:20:33.686Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39902 |
vulnerable | 2026-06-03 14:45:09.843887 |
Details available
MEDIUM (4.3)
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Published: 2021-11-04T22:40:34.000Z
Updated: 2024-08-04T02:20:33.778Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39901 |
vulnerable | 2026-06-03 14:45:09.843330 |
Details available
LOW (2.7)
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Published: 2021-11-04T23:09:28.000Z
Updated: 2024-08-04T02:20:33.701Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.