GitLab Multiple Vulnerabilities
RISK: High Risk
TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, sensitive information disclosure, security restriction bypass and elevation of privilege on the targeted system.
Note: CVE-2021-39935 is actively exploited in the wild. An unauthenticated attacker could exploit a server-side request forgery vulnerability, leading to security restriction bypass. Hence, the risk level is rated as High Risk.
[Updated on 2026-02-04]
Updated Description, Related Links and Risk Level.
Impact
- Denial of Service
- Information Disclosure
- Security Restriction Bypass
- Elevation of Privilege
System / Technologies affected
- GitLab Community Edition (CE) versions prior to 14.5.2, 14.4.4, and 14.3.6
- GitLab Enterprise Edition (EE) versions prior to 14.5.2, 14.4.4, and 14.3.6
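As an added example (not part of the advisory or of GitLab's own tooling), the following Python check maps an installed GitLab CE/EE version string onto the affected ranges listed above, treating each of the three fixed releases as the floor for its own release branch. It assumes the usual MAJOR.MINOR.PATCH format with an optional -ce/-ee suffix, as printed by `gitlab-rake gitlab:env:info`; the host inventory at the bottom is constructed sample data.

```python
import re

# Fixed releases named in the advisory, keyed by the (major, minor) branch
# that received a separate backport.
FIXED_BY_BRANCH = {
    (14, 3): (14, 3, 6),
    (14, 4): (14, 4, 4),
}
# Any other branch (older 13.x/14.x releases, or 14.5) must be at least this.
FIXED_MAINLINE = (14, 5, 2)

# Assumption: "14.4.3", "14.4.3-ee" and "14.4.3-ce" are the accepted shapes.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?$")


def parse_version(text):
    """Return (major, minor, patch); raise ValueError on malformed input."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def minimum_fixed_version(version_text):
    """Earliest fixed release on the same branch (or the mainline floor)."""
    v = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(v[:2], FIXED_MAINLINE)
    return ".".join(str(x) for x in fixed)


def is_affected(version_text):
    """True if the version predates the fix that applies to its branch."""
    v = parse_version(version_text)
    return v < parse_version(minimum_fixed_version(version_text))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {
        "git01": "14.4.3-ee",
        "git02": "14.5.2",
        "git03": "13.12.15",
        "git04": "14.3.6-ce",
    }
    for host, ver in inventory.items():
        status = "AFFECTED" if is_affected(ver) else "ok"
        print(f"{host}: {ver} -> {status} (fixed in {minimum_fixed_version(ver)})")
```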
Solutions
Before installing the software, please visit the software vendor's website for more details.
- The vendor has issued a fix
https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
Vulnerability Identifier
- CVE-2021-39945
- CVE-2021-39944
- CVE-2021-39941
- CVE-2021-39940
- CVE-2021-39938
- CVE-2021-39937
- CVE-2021-39936
- CVE-2021-39935
- CVE-2021-39934
- CVE-2021-39933
- CVE-2021-39932
- CVE-2021-39931
- CVE-2021-39930
- CVE-2021-39919
- CVE-2021-39918
- CVE-2021-39917
- CVE-2021-39916
- CVE-2021-39915
- CVE-2021-39910
