Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2022-1157

  • EPSS 0.21%
  • Veröffentlicht 11.04.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:40:09

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

6.1

CVE-2022-1175

  • EPSS 10.32%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:11

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.

6.5

CVE-2022-1185

  • EPSS 0.37%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:12

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file

5.3

CVE-2022-1188

  • EPSS 0.33%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirror...

4.3

CVE-2022-1189

  • EPSS 0.22%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the a...

5.4

CVE-2022-1190

  • EPSS 1.65%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

4.3

CVE-2022-0740

  • EPSS 0.08%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:17

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 make...

4.3

CVE-2022-1099

  • EPSS 0.17%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:01

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

4.3

CVE-2022-1100

  • EPSS 0.17%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:02

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused expo...

4.3

CVE-2022-1105

  • EPSS 0.2%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:02

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disable...