Total
809 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 5.3 MEDIUM |
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | |||||
CVE-2022-2907 | 1 Gitlab | 1 Gitlab | 2023-01-24 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link. | |||||
CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2023-01-20 | N/A | 6.1 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | |||||
CVE-2022-4365 | 1 Gitlab | 1 Gitlab | 2023-01-20 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page. | |||||
CVE-2022-4037 | 1 Gitlab | 1 Gitlab | 2023-01-20 | N/A | 8.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. | |||||
CVE-2022-3613 | 1 Gitlab | 1 Gitlab | 2023-01-19 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. | |||||
CVE-2022-3870 | 1 Gitlab | 1 Gitlab | 2023-01-19 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility. | |||||
CVE-2022-3514 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. | |||||
CVE-2022-4131 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. | |||||
CVE-2022-4342 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 3.8 LOW |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook. | |||||
CVE-2022-4167 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 7.5 HIGH |
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them. | |||||
CVE-2020-13294 | 1 Gitlab | 1 Gitlab | 2022-12-06 | 5.5 MEDIUM | 5.4 MEDIUM |
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | |||||
CVE-2020-14155 | 5 Apple, Gitlab, Netapp and 2 more | 19 Macos, Gitlab, Active Iq Unified Manager and 16 more | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 6.1 MEDIUM |
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 4.3 MEDIUM |
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | |||||
CVE-2022-3706 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 4.3 MEDIUM |
Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. | |||||
CVE-2022-3726 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 9.0 CRITICAL |
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account. | |||||
CVE-2022-3819 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 4.3 MEDIUM |
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. | |||||
CVE-2022-3483 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. |