cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22240,https://securityvulnerability.io/vulnerability/CVE-2021-22240,Improper Access Control in GitLab EE Affects User Management,"An improper access control vulnerability in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows unauthorized user creation via single sign-on, even when user caps are enforced. This could potentially lead to security risks by allowing unauthorized access to the system.",Gitlab,Gitlab Ee,4.2,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2021-08-05T19:25:09.000Z,0
CVE-2020-26412,https://securityvulnerability.io/vulnerability/CVE-2020-26412,Confidential Information Exposure in GitLab by Removed Group Members,"This vulnerability allows removed group members to access the To-Do functionality, enabling them to retrieve updated information on confidential epics. This exposure of sensitive data can lead to unauthorized access and compromises the integrity of the project's confidentiality. The issue affects multiple versions of GitLab EE, particularly those before 13.6.2.",Gitlab,Gitlab Ee,3.1,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-12-11T03:51:02.000Z,0
CVE-2020-26416,https://securityvulnerability.io/vulnerability/CVE-2020-26416,Information Disclosure in GitLab EE Advanced Search Component,"The Advanced Search component in GitLab EE reveals sensitive search terms in Rails logs, potentially exposing confidential user data. Affected versions include those from 8.4 to below 13.4.7, as well as specific releases from 13.5 and 13.6. This oversight could lead to unintended data exposure, making it critical for users to upgrade their installations to ensure the security of their sensitive information.",Gitlab,Gitlab Ee,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-11T03:34:03.000Z,0
CVE-2020-13349,https://securityvulnerability.io/vulnerability/CVE-2020-13349,Regular Expression Vulnerability in GitLab EE Affecting Multiple Versions,"A vulnerability exists in GitLab EE where the Advanced Search feature is prone to catastrophic backtracking due to an inefficient regular expression related to file paths. This affects GitLab versions starting from 8.12, with specific ranges identified that are susceptible to exploitation. Attackers could potentially leverage this flaw to degrade performance or cause denial of service, especially when processing complex search queries.",Gitlab,Gitlab Ee,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2020-11-17T18:22:32.000Z,0
CVE-2020-13348,https://securityvulnerability.io/vulnerability/CVE-2020-13348,Code Approval Bypass in GitLab EE,"A vulnerability exists in GitLab EE that allows an attacker to bypass CODEOWNERS file approval requirements. This issue impacts all versions starting from 10.2 and affects branches that do not contain the CODEOWNERS file, ultimately enabling unauthorized access to make changes without proper approval. Users are strongly advised to upgrade to patched versions to mitigate potential risks.",Gitlab,Gitlab Ee,5.7,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-17T18:11:51.000Z,0
CVE-2020-26406,https://securityvulnerability.io/vulnerability/CVE-2020-26406,Unauthorized Information Exposure in GitLab Enterprise Edition,"GitLab Enterprise Edition versions starting from 13.3 are susceptible to unauthorized information exposure. This vulnerability allows non-members of public projects and guest members of private projects to access sensitive SAST CiConfiguration data through GraphQL, potentially compromising the confidentiality of the project. Affected versions include specific ranges that should be monitored for appropriate patches.",Gitlab,Gitlab Ee,5.3,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2020-11-17T00:13:19.000Z,0
CVE-2019-15581,https://securityvulnerability.io/vulnerability/CVE-2019-15581,,"An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.",Gitlab,Gitlab Ee,5.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-01-28T02:43:00.000Z,0
CVE-2019-15582,https://securityvulnerability.io/vulnerability/CVE-2019-15582,,"An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.",Gitlab,Gitlab Ee,5.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-01-28T02:36:05.000Z,0
CVE-2019-15590,https://securityvulnerability.io/vulnerability/CVE-2019-15590,,"An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration",Gitlab,Gitlab Ee,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2020-01-28T02:31:05.000Z,0
CVE-2019-5474,https://securityvulnerability.io/vulnerability/CVE-2019-5474,,"An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.",Gitlab,Gitlab Ee,6.5,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2020-01-28T02:29:38.000Z,0
CVE-2019-5487,https://securityvulnerability.io/vulnerability/CVE-2019-5487,,"An improper access control vulnerability exists in Gitlab EE