VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2022-4255MedJan 27, 2023
    affected >= 13.7.0, < 15.4.6fixed 15.4.6

    An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

  • CVE-2022-4205MedJan 27, 2023
    affected >= 1.0.0, < 12.9.8fixed 12.9.8

    In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

  • CVE-2022-4201LowJan 27, 2023
    affected >= 11.3.0, < 15.4.6fixed 15.4.6

    A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

  • CVE-2022-4335MedJan 27, 2023
    affected < 15.4.6fixed 15.4.6

    A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

  • CVE-2022-4092MedJan 26, 2023
    affected >= 15.6.0, < 15.6.1fixed 15.6.1

    An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

  • CVE-2022-4054MedJan 26, 2023
    affected >= 9.3.0, < 15.4.6fixed 15.4.6

    An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the web

  • CVE-2022-3902MedJan 26, 2023
    affected >= 9.3.0, < 15.4.6fixed 15.4.6

    An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the l

  • CVE-2022-3820MedJan 26, 2023
    affected >= 15.4.0, < 15.4.6fixed 15.4.6

    An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in

  • CVE-2022-3740MedJan 26, 2023
    affected >= 12.9.0, < 15.4.6fixed 15.4.6

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package regis

  • CVE-2022-3572CriJan 26, 2023
    affected >= 13.5.0, < 15.4.6fixed 15.4.6

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XS

  • CVE-2022-3482MedJan 26, 2023
    affected >= 11.3.0, < 15.4.6fixed 15.4.6

    An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only

  • CVE-2022-3478MedJan 26, 2023
    affected >= 12.8.0, < 15.4.6fixed 15.4.6

    An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.

  • CVE-2022-2907MedJan 17, 2023
    affected >= 12.9.0, < 15.1.6fixed 15.1.6

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project memb

  • CVE-2023-0042MedJan 12, 2023
    affected >= 11.4.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

  • CVE-2022-4365MedJan 12, 2023
    affected >= 11.8.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in t

  • CVE-2022-4342MedJan 12, 2023
    affected >= 15.1.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the

  • CVE-2022-4167MedJan 12, 2023
    affected >= 13.11.0, < 15.5.7fixed 15.5.7

    Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

  • CVE-2022-4131MedJan 12, 2023
    affected >= 10.8.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex i

  • CVE-2022-4037MedJan 12, 2023
    affected < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using Git

  • CVE-2022-3870MedJan 12, 2023
    affected >= 10.0.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user

Page 30 of 54