The host is installed with GitLab CE/EE 14.7.x prior to 14.7.7, 14.8.x prior to 14.8.5, or 14.9.x prior to 14.9.2 and is prone to an account takeover vulnerability. A flaw is present in the application, due to a hardcoded password set for accounts registered using an OmniAuth provider. Successful exploitation allows attackers to potentially take over accounts.
The host is installed with Gitlab-ee after 11.5 and before 12.1.14, 12.2.0 before 12.2.8, or 12.3.0 before 12.3.5 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to handle the group search feature provided by the Elasticsearch integration. Successful exploitation allows attackers to disclose private merge request information.
The host is installed with Gitlab-ce or Gitlab-ee before 11.6.10, 11.7.x before 11.7.6 or 11.8.x before 11.8.1 and is prone to a server-side request forgery vulnerability. A flaw is present in the application, which fails to handle the Prometheus integration in GitLab. Successful exploitation allows attackers to make requests to any local network resource accessible from the GitLab server.
The host is installed with Gitlab-ce or Gitlab-ee 8.14 through 12.2.1 and is prone to a server-side request forgery vulnerability. A flaw is present in the application, which fails to handle the Jira integration in GitLab. Successful exploitation allows attackers to make requests to any resources accessible in the local network by the GitLab server.
The host is installed with Gitlab-ce or Gitlab-ee 10.1 through 12.2.1 and is prone to a server-side request forgery vulnerability. A flaw is present in the application, which fails to handle the Kubernetes integration in GitLab. Successful exploitation allows attackers to request any local network resource accessible from the GitLab server.
The host is installed with Gitlab-ce or Gitlab-ee 8.15 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive information.