VYPR

CE/EE

by GitLab Inc.

Source repositories

CVEs (414)

  • CVE-2022-2512Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a…

  • CVE-2022-2499Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that…

  • CVE-2022-2497Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.02

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying…

  • CVE-2022-2531Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific…

  • CVE-2022-1954Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers

  • CVE-2022-1963Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in…

  • CVE-2022-2228Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab…

  • CVE-2022-1999Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

  • CVE-2022-1981Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be…

  • CVE-2022-1983Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries…

  • CVE-2022-2243Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.

  • CVE-2022-2235Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link

  • CVE-2022-2281Jul 1, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

  • CVE-2022-1680Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.04

    An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available…

  • CVE-2022-1783Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a…

  • CVE-2022-1944Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers'…

  • CVE-2022-1936Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any…

  • CVE-2022-1940Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially…

  • CVE-2022-1935Jun 6, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any…

  • CVE-2022-1423May 19, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache…

Page 10 of 21