Total
1199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0124 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack. | |||||
| CVE-2022-0373 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 3.5 LOW | 4.3 MEDIUM |
| Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | |||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | |||||
| CVE-2021-39892 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users. | |||||
| CVE-2022-2185 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 7.5 HIGH | 8.8 HIGH |
| A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. | |||||
| CVE-2022-0735 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. | |||||
| CVE-2022-1545 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. | |||||
| CVE-2022-1431 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | |||||
| CVE-2022-0093 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds. | |||||
| CVE-2022-2459 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. | |||||
| CVE-2022-0741 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-1413 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface | |||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 3.5 LOW | 2.7 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2022-1423 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2022-1783 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. | |||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | |||||