Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2527 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 8.0 HIGH |
| An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. | |||||
| CVE-2022-1999 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. | |||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 2.7 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2022-1433 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute. | |||||
| CVE-2021-39943 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call | |||||
| CVE-2022-1963 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. | |||||
| CVE-2022-1545 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. | |||||
| CVE-2022-1162 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | |||||
| CVE-2022-0123 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services. | |||||
| CVE-2021-39908 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | |||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | |||||
| CVE-2022-1510 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption. | |||||
| CVE-2022-1460 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user. | |||||
| CVE-2022-1406 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project | |||||
| CVE-2022-1821 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. | |||||
| CVE-2022-0741 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | |||||
| CVE-2022-2227 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM |
| Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions | |||||
| CVE-2022-1174 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | |||||
| CVE-2022-1983 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | |||||
| CVE-2022-1100 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. | |||||