GitLab

1271 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.2%
  • Published 01.07.2022 18:15:08
  • Last modified 21.11.2024 06:38:03

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of f...

  • EPSS 0.17%
  • Published 01.07.2022 18:15:08
  • Last modified 21.11.2024 06:41:49

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted we...

  • EPSS 1.17%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 06:41:50

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authe...

  • EPSS 0.18%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 06:41:52

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains,...

  • EPSS 0.15%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 06:41:55

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

  • EPSS 0.15%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 07:00:34

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access res...

  • EPSS 0.22%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 07:00:35

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public proje...

  • EPSS 0.16%
  • Published 01.07.2022 17:15:07
  • Last modified 21.11.2024 07:00:39

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect pe...

  • EPSS 0.13%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 06:41:53

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location t...

  • EPSS 90.01%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:30

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted pro...