CVE-2022-1426
- EPSS 0.2%
- Published 11.05.2022 15:15:08
- Last modified 21.11.2024 06:40:42
An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had so...
CVE-2022-1428
- EPSS 0.14%
- Published 11.05.2022 15:15:08
- Last modified 21.11.2024 06:40:42
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package ...
CVE-2022-1417
- EPSS 0.3%
- Published 10.05.2022 21:15:08
- Last modified 21.11.2024 06:40:41
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Proje...
CVE-2022-1431
- EPSS 0.33%
- Published 10.05.2022 21:15:08
- Last modified 21.11.2024 06:40:43
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to t...
CVE-2022-0477
- EPSS 0.19%
- Published 25.04.2022 17:15:36
- Last modified 21.11.2024 06:38:44
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delet...
CVE-2022-1193
- EPSS 0.14%
- Published 11.04.2022 20:15:18
- Last modified 21.11.2024 06:40:13
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances
CVE-2022-1157
- EPSS 0.21%
- Published 11.04.2022 20:15:17
- Last modified 21.11.2024 06:40:09
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged
CVE-2022-1175
- EPSS 10.32%
- Published 04.04.2022 20:15:10
- Last modified 21.11.2024 06:40:11
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
CVE-2022-1185
- EPSS 0.37%
- Published 04.04.2022 20:15:10
- Last modified 21.11.2024 06:40:12
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
CVE-2022-1188
- EPSS 0.33%
- Published 04.04.2022 20:15:10
- Last modified 21.11.2024 06:40:13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirror...