GitLab

1271 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:34

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta dat...

  • EPSS 0.46%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:35

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in Git...

  • EPSS 0.31%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:35

Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously...

  • EPSS 0.18%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:36

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.

  • EPSS 0.17%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:36

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature...

  • EPSS 0.39%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:37

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

  • EPSS 0.21%
  • Published 01.07.2022 16:15:08
  • Last modified 21.11.2024 07:00:40

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

  • EPSS 8.94%
  • Published 06.06.2022 18:15:08
  • Last modified 21.11.2024 06:41:14

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, th...

  • EPSS 0.47%
  • Published 06.06.2022 17:15:10
  • Last modified 21.11.2024 06:41:27

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers t...

Exploit
  • EPSS 0.2%
  • Published 06.06.2022 17:15:10
  • Last modified 21.11.2024 06:41:32

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access t...