VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2023-1787 | Med | Apr 5, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.

  • CVE-2023-1417 | Med | Apr 5, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.

  • CVE-2023-1072 | Med | Mar 9, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for…

  • CVE-2022-3381 | Med | Mar 9, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites.

  • CVE-2023-0518 | Med | Feb 13, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

  • CVE-2022-3759 | Med | Feb 13, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses…

  • CVE-2022-4255 | Med | Jan 27, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

  • CVE-2022-4335 | Med | Jan 27, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

  • CVE-2022-3478 | Med | Jan 26, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.

  • CVE-2022-4131 | Med | Jan 12, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex…

  • CVE-2022-3514 | Med | Jan 12, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex…

  • CVE-2022-3793 | Med | Nov 10, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.

  • CVE-2022-3413 | Med | Nov 10, 2022
    risk 0.28 | cvss 4.3 | epss 0.00

    Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit…

  • CVE-2022-2761 | Med | Nov 9, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have…

  • CVE-2022-3639 | Med | Oct 21, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger…

  • CVE-2022-3351 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events…

  • CVE-2022-3330 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

  • CVE-2022-3030 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.

  • CVE-2022-2908 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A potential DoS vulnerability was discovered in GitLab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in…

  • CVE-2022-2630 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
