Filtered by vendor Gitlab
Subscribe
Total
1213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 3.5 LOW | 2.7 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2022-1423 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2022-1783 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. | |||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | |||||
| CVE-2022-2243 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | |||||
| CVE-2022-2303 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | |||||
| CVE-2022-0125 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. | |||||
| CVE-2022-2539 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization. | |||||
| CVE-2022-1174 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | |||||
| CVE-2022-1185 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file | |||||
| CVE-2021-39947 | 1 Gitlab | 1 Gitlab Runner | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs | |||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
| CVE-2022-2456 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | |||||
| CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 4.3 MEDIUM |
| It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | |||||
| CVE-2022-1821 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. | |||||
| CVE-2022-1460 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user. | |||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | |||||
| CVE-2022-0172 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones. | |||||
| CVE-2022-1148 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites | |||||