VYPR

CE/EE

by GitLab Inc.

Source repositories

CVEs (414)

  • CVE-2022-3331Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that…

  • CVE-2022-3330Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

  • CVE-2022-3279Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.01

    An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs

  • CVE-2022-2455Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server…

  • CVE-2022-2865Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers…

  • CVE-2022-2630Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.

  • CVE-2022-2908Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in…

  • CVE-2022-3060Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests

  • CVE-2022-2931Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high…

  • CVE-2022-3351Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events…

  • CVE-2022-2428Oct 17, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests

  • CVE-2022-2459Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the…

  • CVE-2022-2500Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.

  • CVE-2022-2501Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are…

  • CVE-2022-2303Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using…

  • CVE-2022-2307Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the…

  • CVE-2022-2498Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

  • CVE-2022-2456Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or…

  • CVE-2022-2417Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could…

  • CVE-2022-2539Aug 5, 2022
    GitLab Inc.
    GitLab
    risk 0.00cvss epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.

Page 9 of 21