VYPR

CE/EE

by GitLab Inc.

Source repositories

CVEs (414)

  • CVE-2023-0805May 3, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a…

  • CVE-2023-1204May 3, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by…

  • CVE-2023-1965May 3, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to…

  • CVE-2023-0155May 3, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown

  • CVE-2023-2182May 3, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become…

  • CVE-2023-1708Apr 5, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.05

    An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.

  • CVE-2023-1167Apr 5, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.

  • CVE-2023-1098Apr 5, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from…

  • CVE-2022-4331Mar 9, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group,…

  • CVE-2023-1084Mar 9, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.03

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a…

  • CVE-2023-0518Feb 13, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.02

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

  • CVE-2022-4255Jan 27, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

  • CVE-2022-4201Jan 27, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

  • CVE-2022-4335Jan 27, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

  • CVE-2022-3740Jan 24, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package…

  • CVE-2022-4092Jan 24, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.05

    An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

  • CVE-2022-2907Jan 17, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project…

  • CVE-2022-3870Jan 12, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's…

  • CVE-2022-4167Jan 12, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

  • CVE-2022-4365Jan 12, 2023
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in…

Page 7 of 21