GitLab

1368 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.7%
  • Published 12.01.2023 04:15:10
  • Last modified 08.04.2025 14:15:29

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by ch...

  • EPSS 0.18%
  • Published 12.01.2023 04:15:10
  • Last modified 08.04.2025 14:15:30

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

  • EPSS 0.62%
  • Published 12.01.2023 04:15:09
  • Last modified 08.04.2025 17:15:32

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third...

  • EPSS 0.34%
  • Published 12.01.2023 04:15:08
  • Last modified 08.04.2025 16:15:19

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab ins...

  • EPSS 1.33%
  • Published 12.01.2023 04:15:08
  • Last modified 08.04.2025 16:15:22

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in t...

  • EPSS 0.38%
  • Published 12.01.2023 04:15:08
  • Last modified 08.04.2025 16:15:23

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and...

  • EPSS 1.23%
  • Published 12.01.2023 04:15:08
  • Last modified 09.04.2025 14:15:24

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user a...

  • EPSS 0.16%
  • Published 10.11.2022 00:15:22
  • Last modified 21.11.2024 07:20:04

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeli...

  • EPSS 0.33%
  • Published 10.11.2022 00:15:22
  • Last modified 21.11.2024 07:20:06

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP request...

  • EPSS 0.18%
  • Published 10.11.2022 00:15:22
  • Last modified 21.11.2024 07:20:14

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have ac...