Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1055 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | ||||
CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | ||||
CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | ||||
CVE-2022-3325 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 2.7 Low |
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. | ||||
CVE-2022-3411 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | ||||
CVE-2022-3331 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. | ||||
CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium |
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | ||||
CVE-2022-3375 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.1 Low |
An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. | ||||
CVE-2022-3283 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.5 High |
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. | ||||
CVE-2022-3286 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token | ||||
CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 2.7 Low |
An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | ||||
CVE-2022-3293 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 | ||||
CVE-2022-3291 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | ||||
CVE-2022-3288 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. | ||||
CVE-2022-3265 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.3 High |
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.5 Low |
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | ||||
CVE-2022-3285 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.3 Medium |
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab | ||||
CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.5 Medium |
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID. | ||||
CVE-2022-3066 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.4 Medium |
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. | ||||
CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 7.3 High |
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests |