VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2022-3613MedJan 12, 2023
    affected < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service

  • CVE-2022-3573MedJan 12, 2023
    affected >= 15.4.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attac

  • CVE-2022-3514MedJan 12, 2023
    affected >= 6.6.0, < 15.5.7fixed 15.5.7

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex is

  • CVE-2022-3819LowNov 10, 2022
    affected >= 15.0.0, < 15.3.5fixed 15.3.5

    An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.

  • CVE-2022-3818MedNov 10, 2022
    affected < 15.3.5fixed 15.3.5

    An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.

  • CVE-2022-3793MedNov 10, 2022
    affected >= 12.6.0, < 15.3.5fixed 15.3.5

    An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.

  • CVE-2022-3726MedNov 10, 2022
    affected >= 12.6.0, < 15.3.5fixed 15.3.5

    Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's acc

  • CVE-2022-3706LowNov 10, 2022
    affected >= 7.14.0, < 15.3.5fixed 15.3.5

    Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't ha

  • CVE-2022-3413MedNov 10, 2022
    affected >= 14.5.0, < 15.3.5fixed 15.3.5

    Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Even

  • CVE-2022-3486MedNov 9, 2022
    affected >= 9.4.0, < 15.3.5fixed 15.3.5

    An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.

  • CVE-2022-3483MedNov 9, 2022
    affected >= 12.1.0, < 15.3.5fixed 15.3.5

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modi

  • CVE-2022-3285MedNov 9, 2022
    affected >= 12.0.0, < 15.2.5fixed 15.2.5

    Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab

  • CVE-2022-3280LowNov 9, 2022
    affected >= 10.1.0, < 15.3.5fixed 15.3.5

    An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

  • CVE-2022-3265HigNov 9, 2022
    affected < 15.3.5fixed 15.3.5

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed a

  • CVE-2022-2761MedNov 9, 2022
    affected >= 13.9.0, < 15.3.5fixed 15.3.5

    An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have

  • CVE-2022-2904HigNov 2, 2022
    affected >= 15.2.0, < 15.2.5fixed 15.2.5

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status

  • CVE-2022-2826LowOct 28, 2022
    affected >= 10.0.0, < 12.9.8fixed 12.9.8

    An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO

  • CVE-2022-3018MedOct 28, 2022
    affected >= 9.3.0, < 15.2.5fixed 15.2.5

    An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from

  • CVE-2022-2882MedOct 28, 2022
    affected >= 12.6.0, < 15.2.5fixed 15.2.5

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modif

  • CVE-2022-3639MedOct 21, 2022
    affected >= 10.8.0, < 15.1.6fixed 15.1.6

    A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger hig

Page 31 of 54