Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-1545

  • EPSS 0.26%
  • Veröffentlicht 11.05.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:56

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

4.3

CVE-2022-1124

  • EPSS 0.25%
  • Veröffentlicht 11.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:05

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled

5.3

CVE-2022-1352

  • EPSS 0.21%
  • Veröffentlicht 11.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:33

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with...

6.5

CVE-2022-1406

  • EPSS 0.22%
  • Veröffentlicht 11.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:40

Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project

4.3

CVE-2022-1426

  • EPSS 0.2%
  • Veröffentlicht 11.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:42

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had so...

4.3

CVE-2022-1428

  • EPSS 0.14%
  • Veröffentlicht 11.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:42

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package ...

4.3

CVE-2022-1417

  • EPSS 0.28%
  • Veröffentlicht 10.05.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:41

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Proje...

5.3

CVE-2022-1431

  • EPSS 0.33%
  • Veröffentlicht 10.05.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:43

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to t...

4.9

CVE-2022-0477

  • EPSS 0.19%
  • Veröffentlicht 25.04.2022 17:15:36
  • Zuletzt bearbeitet 21.11.2024 06:38:44

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delet...

4.3

CVE-2022-1193

Exploit
  • EPSS 0.14%
  • Veröffentlicht 11.04.2022 20:15:18
  • Zuletzt bearbeitet 21.11.2024 06:40:13

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances