CE/EE
by GitLab Inc.
CVEs (414)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4037 | | | 0.00 | — | 0.01 | | Jan 12, 2023 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using… |
| CVE-2022-3870 | | | 0.00 | — | 0.01 | | Jan 12, 2023 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's… |
| CVE-2022-3573 | | | 0.00 | — | 0.01 | | Jan 12, 2023 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an… |
| CVE-2022-4365 | | | 0.00 | — | 0.01 | | Jan 12, 2023 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in… |
| CVE-2022-3819 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to. |
| CVE-2022-3280 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. |
| CVE-2022-2761 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have… |
| CVE-2022-3706 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't… |
| CVE-2022-3483 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by… |
| CVE-2022-3413 | | | 0.00 | — | 0.00 | | Nov 9, 2022 | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit… |
| CVE-2022-3018 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from… |
| CVE-2022-3639 | | | 0.00 | — | 0.00 | | Oct 21, 2022 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger… |
| CVE-2022-3067 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read… |
| CVE-2022-3060 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests |
| CVE-2022-2908 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | A potential DoS vulnerability was discovered in GitLab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in… |
| CVE-2022-3325 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. |
| CVE-2022-2931 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high… |
| CVE-2022-3331 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that… |
| CVE-2022-3286 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token |
| CVE-2022-3291 | | | 0.00 | — | 0.00 | | Oct 17, 2022 | Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache |