GitLab

by GitLab Inc.

CVEs (1,215)

  • CVE-2022-2630 | Med | Oct 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.

  • CVE-2022-2303 | Med | Aug 5, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using…

  • CVE-2022-2095 | Med | Aug 5, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's…

  • CVE-2022-1954 | Med | Jul 1, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers

  • CVE-2022-2244 | Med | Jul 1, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature.

  • CVE-2022-1821 | Med | Jun 6, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their…

  • CVE-2022-1416 | Med | May 19, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS…

  • CVE-2022-1545 | Med | May 11, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    It was possible to disclose details of confidential notes created via the API in GitLab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

  • CVE-2022-1428 | Med | May 11, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in…

  • CVE-2022-1124 | Med | May 11, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled

  • CVE-2022-1431 | Med | May 10, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing…

  • CVE-2022-1417 | Med | May 10, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via…

  • CVE-2022-1193 | Med | Apr 11, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances

  • CVE-2022-1174 | Med | Apr 4, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a specially crafted input added in Issues, Merge…

  • CVE-2022-1105 | Med | Apr 4, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled

  • CVE-2022-1100 | Med | Apr 4, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks…

  • CVE-2022-1099 | Med | Apr 4, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

  • CVE-2022-0390 | Med | Apr 1, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.

  • CVE-2022-0373 | Med | Apr 1, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address

  • CVE-2022-0371 | Med | Mar 28, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their…
