Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1149 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3331 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 3.5 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. | ||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | ||||
| CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 4.3 Medium |
| It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | ||||
| CVE-2022-2992 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 9.9 Critical |
| A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | ||||
| CVE-2022-2884 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 9.9 Critical |
| A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint | ||||
| CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | ||||
| CVE-2022-2630 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. | ||||
| CVE-2022-2592 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. | ||||
| CVE-2022-2533 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||
| CVE-2022-2527 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.3 High |
| An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. | ||||
| CVE-2022-2455 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. | ||||
| CVE-2022-2428 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.4 Medium |
| A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests | ||||
| CVE-2022-3066 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. | ||||
| CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.3 High |
| Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | ||||
| CVE-2022-3031 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | ||||
| CVE-2022-3030 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. | ||||
| CVE-2022-2931 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.5 High |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. | ||||
| CVE-2022-3325 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 2.7 Low |
| Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. | ||||
| CVE-2022-3293 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 3.5 Low |
| Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 | ||||