Filtered by vendor Gitlab
Subscriptions
Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 9.9 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | ||||
| CVE-2021-22203 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | ||||
| CVE-2021-22172 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page | ||||
| CVE-2021-22168 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. | ||||
| CVE-2021-22166 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | ||||
| CVE-2021-22182 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. | ||||
| CVE-2021-22176 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests | ||||
| CVE-2021-4191 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | ||||
| CVE-2022-4462 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. | ||||
| CVE-2022-4376 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | ||||
| CVE-2022-4365 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page. | ||||
| CVE-2022-4342 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook. | ||||
| CVE-2022-4331 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. | ||||
| CVE-2022-4317 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-08-03 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | ||||
| CVE-2022-4315 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-08-03 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | ||||
| CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | ||||
| CVE-2022-4289 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users. | ||||
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2024-08-03 | 5 Medium |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | ||||
| CVE-2022-4255 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
| An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. | ||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.3 Medium |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | ||||