Filtered by vendor Gitlab
Subscriptions
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2270 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | ||||
| CVE-2022-2228 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 6.5 Medium |
| Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range | ||||
| CVE-2022-1999 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. | ||||
| CVE-2022-1981 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 2.7 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list. | ||||
| CVE-2022-1963 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. | ||||
| CVE-2022-2281 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.3 Medium |
| An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. | ||||
| CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 6.1 Medium |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
| CVE-2022-2235 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.4 Medium |
| Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link | ||||
| CVE-2022-2230 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 4.8 Medium |
| A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. | ||||
| CVE-2021-4191 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | ||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 10.0 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | ||||
| CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.5 Medium |
| An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | ||||
| CVE-2021-22169 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. | ||||
| CVE-2021-22233 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details | ||||
| CVE-2021-39934 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | ||||
| CVE-2021-22180 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. | ||||
| CVE-2021-22170 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 7.5 High |
| Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content | ||||
| CVE-2021-39931 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. | ||||
| CVE-2021-39932 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. | ||||
| CVE-2020-13270 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 8.8 High |
| Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | ||||