CVE-2022-3288
- EPSS 0.16%
- Published 17.10.2022 16:15:22
- Last modified 13.05.2025 16:15:21
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
CVE-2022-3291
- EPSS 0.45%
- Published 17.10.2022 16:15:22
- Last modified 13.05.2025 16:15:21
Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache.
CVE-2022-3293
- EPSS 0.18%
- Published 17.10.2022 16:15:22
- Last modified 13.05.2025 16:15:21
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3325
- EPSS 0.19%
- Published 17.10.2022 16:15:22
- Last modified 13.05.2025 16:15:22
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API ...
CVE-2022-3330
- EPSS 0.16%
- Published 17.10.2022 16:15:22
- Last modified 21.11.2024 07:19:18
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3331
- EPSS 0.17%
- Published 17.10.2022 16:15:22
- Last modified 14.05.2025 21:15:54
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object...
CVE-2022-3351
- EPSS 0.26%
- Published 17.10.2022 16:15:22
- Last modified 21.11.2024 07:19:21
An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker th...
CVE-2022-2455
- EPSS 0.27%
- Published 17.10.2022 16:15:21
- Last modified 13.05.2025 20:15:21
A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized...
- EPSS 0.5%
- Published 17.10.2022 16:15:21
- Last modified 13.05.2025 20:15:21
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated at...
CVE-2022-2533
- EPSS 0.16%
- Published 17.10.2022 16:15:21
- Last modified 13.05.2025 20:15:21
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some ...